CVE-2015-1813Cross-site Scripting in Jenkins

CWE-79Cross-site Scripting10 documents7 sources
Severity
4.3MEDIUMNVD
EPSS
0.2%
top 55.94%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
JenkinsRedhat Openshift
Timeline
PublishedOct 16
Latest updateMay 17

Description

Cross-site scripting (XSS) vulnerability in Jenkins before 1.606 and LTS before 1.596.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2015-1812.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages2 packages

NVDjenkins/jenkins1.596.1+1

🔴Vulnerability Details

4
OSV
Jenkins allows Cross-Site Scripting (XSS)2022-05-17
GHSA
Jenkins allows Cross-Site Scripting (XSS)2022-05-17
GHSA
Jenkins Cross-site Scripting vulnerability2022-05-17
CVEList
CVE-2015-1813: Cross-site scripting (XSS) vulnerability in Jenkins before 12015-10-16

📋Vendor Advisories

3
Red Hat
jenkins: Reflective XSS vulnerability (SECURITY-171, SECURITY-177)2015-03-23
Jenkins
Jenkins Security Advisory 2015-03-232015-03-23
Red Hat
jenkins: Reflective XSS vulnerability (SECURITY-171, SECURITY-177)2015-03-23

💬Community

2
Bugzilla
CVE-2015-1806 CVE-2015-1807 CVE-2015-1813 CVE-2015-1812 CVE-2015-1811 CVE-2015-1810 CVE-2015-1808 CVE-2015-1809 CVE-2015-1814 jenkins: various flaws [fedora-all]2015-03-25
Bugzilla
CVE-2015-1812 CVE-2015-1813 jenkins: Reflective XSS vulnerability (SECURITY-171, SECURITY-177)2015-03-25
CVE-2015-1813 — Cross-site Scripting in Jenkins | cvebase