Description

Cross-site scripting (XSS) vulnerability in the default markup formatter in Jenkins 1.523 allows remote attackers to inject arbitrary web script or HTML via the Description field in the user configuration.

Remediation

References

CVE-2013-5573

Related Vulnerabilities

Ruby on Rails Permissions, Privileges, and Access Controls Vulnerability (CVE-2013-0155)

WordPress Plugin Delete Comments By Status Multiple Cross-Site Scripting Vulnerabilities (1.5.2)

PHP Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2018-15132)

Jenkins Missing Authorization Vulnerability (CVE-2017-1000400)

MySQL CVE-2021-35575 Vulnerability (CVE-2021-35575)

Severity

Medium

Classification

CVE-2013-5573 CWE-707

Tags

Missing Update Known Vulnerabilities