CVE-2012-0324
published 2012-03-09CVE-2012-0324: Cross-site scripting (XSS) vulnerability in Jenkins before 1.454, Jenkins LTS before 1.424.5, and Jenkins Enterprise 1.400.x before 1.400.0.13 and 1.424.x…
PriorityP417medium4.3CVSS 2.0
AVNACMAuNCNIPAN
EPSS
1.14%
62.6th percentile
Cross-site scripting (XSS) vulnerability in Jenkins before 1.454, Jenkins LTS before 1.424.5, and Jenkins Enterprise 1.400.x before 1.400.0.13 and 1.424.x before 1.424.5.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2012-0325.
Affected
142 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cloudbees | jenkins | <= 1.453 | — |
| cloudbees | jenkins | — | — |
| cloudbees | jenkins | — | — |
| cloudbees | jenkins | — | — |
| cloudbees | jenkins | — | — |
| jenkins | jenkins | — | — |
| jenkins | jenkins | — | — |
| jenkins | jenkins | — | — |
| jenkins | jenkins | — | — |
| jenkins | jenkins | — | — |
| jenkins | jenkins | — | — |
| jenkins | jenkins | — | — |
| jenkins | jenkins | — | — |
| jenkins | jenkins | — | — |
| jenkins | jenkins | — | — |
| jenkins | jenkins | — | — |
| jenkins | jenkins | — | — |
| jenkins | jenkins | — | — |
| jenkins | jenkins | — | — |
| jenkins | jenkins | — | — |
| jenkins | jenkins | — | — |
| jenkins | jenkins | — | — |
| jenkins | jenkins | — | — |
| jenkins | jenkins | — | — |
| jenkins | jenkins | — | — |
CVSS provenance
nvdv2.04.3MEDIUMAV:N/AC:M/Au:N/C:N/I:P/A:N
ghsa4.3MEDIUM
osv4.3MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
OSV
Jenkins allows Cross-Site Scripting (XSS)
osv·2022-05-04·CVSS 4.3
CVE-2012-0325 [MEDIUM] Jenkins allows Cross-Site Scripting (XSS)
Jenkins allows Cross-Site Scripting (XSS)
Cross-site scripting (XSS) vulnerability in Jenkins before 1.454, Jenkins LTS before 1.424.5, and Jenkins Enterprise 1.400.x before 1.400.0.13 and 1.424.x before 1.424.5.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2012-0324.
OSV
Jenkins allows Cross-Site Scripting (XSS)
osv·2022-05-04·CVSS 4.3
CVE-2012-0324 [MEDIUM] Jenkins allows Cross-Site Scripting (XSS)
Jenkins allows Cross-Site Scripting (XSS)
Cross-site scripting (XSS) vulnerability in Jenkins before 1.454, Jenkins LTS before 1.424.5, and Jenkins Enterprise 1.400.x before 1.400.0.13 and 1.424.x before 1.424.5.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2012-0325.
GHSA
Jenkins allows Cross-Site Scripting (XSS)
ghsa·2022-05-04·CVSS 4.3
CVE-2012-0325 [MEDIUM] CWE-79 Jenkins allows Cross-Site Scripting (XSS)
Jenkins allows Cross-Site Scripting (XSS)
Cross-site scripting (XSS) vulnerability in Jenkins before 1.454, Jenkins LTS before 1.424.5, and Jenkins Enterprise 1.400.x before 1.400.0.13 and 1.424.x before 1.424.5.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2012-0324.
GHSA
Jenkins allows Cross-Site Scripting (XSS)
ghsa·2022-05-04·CVSS 4.3
CVE-2012-0324 [MEDIUM] CWE-79 Jenkins allows Cross-Site Scripting (XSS)
Jenkins allows Cross-Site Scripting (XSS)
Cross-site scripting (XSS) vulnerability in Jenkins before 1.454, Jenkins LTS before 1.424.5, and Jenkins Enterprise 1.400.x before 1.400.0.13 and 1.424.x before 1.424.5.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2012-0325.
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2012-0324 jenkins: unspecified XSS flaw
bugzilla·2012-03-09·CVSS 4.3
CVE-2012-0324 [MEDIUM] CVE-2012-0324 jenkins: unspecified XSS flaw
CVE-2012-0324 jenkins: unspecified XSS flaw
Common Vulnerabilities and Exposures assigned an identifier CVE-2012-0324 to
the following vulnerability:
Name: CVE-2012-0324
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0324
Assigned: 20120104
Reference: http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2012-03-05.cb
Reference: http://jvn.jp/en/jp/JVN14791558/index.html
Reference: http://jvndb.jvn.jp/jvndb/JVNDB-2012-000022
Cross-site scripting (XSS) vulnerability in CloudBees Jenkins before
1.454, Jenkins LTS before 1.424.5, and Jenkins Enterprise 1.400.x
before 1.400.0.13 and 1.424.x before 1.424.5.1 allows remote attackers
to inject arbitrary web script or HTML via unspecified vectors, a
different vulnerability than CVE-2012-0325.
Bugzilla
CVE-2012-0325 jenkins: unspecified XSS flaw
bugzilla·2012-03-09·CVSS 4.3
CVE-2012-0325 [MEDIUM] CVE-2012-0325 jenkins: unspecified XSS flaw
CVE-2012-0325 jenkins: unspecified XSS flaw
Common Vulnerabilities and Exposures assigned an identifier CVE-2012-0325 to
the following vulnerability:
Name: CVE-2012-0325
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0325
Assigned: 20120104
Reference: http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2012-03-05.cb
Reference: JVN:JVN#79950061
Reference: http://jvn.jp/en/jp/JVN79950061/index.html
Reference: JVNDB:JVNDB-2012-000023
Reference: http://jvndb.jvn.jp/jvndb/JVNDB-2012-000023
Cross-site scripting (XSS) vulnerability in CloudBees Jenkins before
1.454, Jenkins LTS before 1.424.5, and Jenkins Enterprise 1.400.x
before 1.400.0.13 and 1.424.x before 1.424.5.1 allows remote attackers
to inject arbitrary web script or HTML via unspecified vectors, a
differ
http://jvn.jp/en/jp/JVN14791558/index.htmlhttp://jvndb.jvn.jp/jvndb/JVNDB-2012-000022http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2012-03-05.cbhttp://www.securityfocus.com/bid/52384http://jvn.jp/en/jp/JVN14791558/index.htmlhttp://jvndb.jvn.jp/jvndb/JVNDB-2012-000022http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2012-03-05.cbhttp://www.securityfocus.com/bid/52384
2012-03-09
Published