logo

Database

Server side cross-site scripting In org.jenkins-ci.main:jenkins-core

Description

Jenkins allows Cross-Site Scripting (XSS) in User Configuration Cross-site scripting (XSS) vulnerability in the default markup formatter in Jenkins 1.523 allows remote attackers to inject arbitrary web script or HTML via the Description field in the user configuration.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem
Package
Affected version

Aliases

1. CVE-2013-55732. NVD-2013-55733. OSV-2013-55734. GCVE-2013-5573

References

1. https://exchange.xforce.ibmcloud.com/vulnerabilities/898722. https://web.archive.org/web/20200229071540/http://www.securityfocus.com/bid/644143. http://packetstormsecurity.com/files/1245134. http://seclists.org/bugtraq/2013/Dec/1045. http://seclists.org/fulldisclosure/2013/Dec/1596. http://www.exploit-db.com/exploits/30408

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.