CVE-2013-5573 – org.jenkins-ci.main:jenkins-core
Package
Manager: maven
Name: org.jenkins-ci.main:jenkins-core
Vulnerable Version: >=0 <=1.523
Severity
Level: Low
CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N/E:H/RL:U/RC:R
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N
EPSS: 0.02602 (percentile 0.85066)
Details
Jenkins allows Cross-Site Scripting (XSS) in User Configuration
Cross-site scripting (XSS) vulnerability in the default markup formatter in Jenkins 1.523 allows remote attackers to inject arbitrary web script or HTML via the Description field in the user configuration.
Metadata
Created: 2022-05-17T01:31:21Z
Modified: 2025-03-13T19:11:25Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-52g6-pfrq-rxfv/GHSA-52g6-pfrq-rxfv.json
CWE IDs: ["CWE-79"]
Alternative ID: GHSA-52g6-pfrq-rxfv
Finding: F425
Auto approve: 1