CVE-2012-0325 — Cross-site Scripting in Jenkins

CWE-79 — Cross-site Scripting7 documents5 sources

Severity

4.3MEDIUMNVD

EPSS

0.2%

top 57.09%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cloudbees Jenkins Jenkins

Timeline

PublishedMar 9

Latest updateMay 4

Description

Cross-site scripting (XSS) vulnerability in Jenkins before 1.454, Jenkins LTS before 1.424.5, and Jenkins Enterprise 1.400.x before 1.400.0.13 and 1.424.x before 1.424.5.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2012-0324.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages2 packages

▶NVDcloudbees/jenkins1.453+4

▶NVDjenkins/jenkins137 versions+136

🔴Vulnerability Details

OSV

Jenkins allows Cross-Site Scripting (XSS)↗2022-05-04

▶

GHSA

Jenkins allows Cross-Site Scripting (XSS)↗2022-05-04

▶

GHSA

Jenkins allows Cross-Site Scripting (XSS)↗2022-05-04

▶

CVEList

CVE-2012-0325: Cross-site scripting (XSS) vulnerability in Jenkins before 1↗2012-03-09

▶

💬Community

Bugzilla

CVE-2012-0325 jenkins: unspecified XSS flaw↗2012-03-09

▶

Bugzilla

CVE-2012-0324 jenkins: unspecified XSS flaw↗2012-03-09

▶