FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2013-5573

This CVE name corresponds to:

Entered Topic
2014-02-15 jenkins -- multiple vulnerabilities

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

Details

Type Candidate
Name CVE-2013-5573
Phase Assigned (20130823)

Description

Cross-site scripting (XSS) vulnerability in the default markup formatter in Jenkins 1.523 allows remote attackers to inject arbitrary web script or HTML via the Description field in the user configuration.

References

Source Reference
BUGTRAQ 20131217 [CVE-2013-5573] Jenkins v1.523 Default markup formatter permits offsite-bound forms
EXPLOIT-DB 30408
FULLDISC 20131217 [CVE-2013-5573] Jenkins v1.523 Default markup formatter permits offsite-bound forms
MISC http://packetstormsecurity.com/files/124513
OSVDB 101187
XF jenkins-cve20135573-xss(89872)