Jenkins allows Cross-Site Scripting (XSS) in User Configuration

GHSA-52g6-pfrq-rxfv · CVE-2013-5573

Published May 17, 2022 · Modified Mar 13, 2025

Description

Cross-site scripting (XSS) vulnerability in the default markup formatter in Jenkins 1.523 allows remote attackers to inject arbitrary web script or HTML via the Description field in the user configuration.

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2013-5573
WEB https://exchange.xforce.ibmcloud.com/vulnerabilities/89872
PACKAGE https://github.com/jenkinsci/jenkins
WEB https://web.archive.org/web/20200229071540/http://www.securityfocus.com/bid/64414
WEB http://packetstormsecurity.com/files/124513
WEB http://seclists.org/bugtraq/2013/Dec/104
WEB http://seclists.org/fulldisclosure/2013/Dec/159
WEB http://www.exploit-db.com/exploits/30408

Ready to move

Start Securing

Start for Free Get Demo

Free, no credit card | First findings in minutes