CVE-2013-2033

Cross-site scripting (XSS) vulnerability in Jenkins before 1.514, LTS before 1.509.1, and Enterprise 1.466.x before 1.466.14.1 and 1.480.x before 1.480.4.1 allows remote authenticated users with write permission to inject arbitrary web script or HTML via unspecified vectors.

Published : 2014-04-10 20:29 Updated : 2018-12-06 20:43

2.1
CVSS Score More info
Score 2.1 / 10
2.1
Vendor Product Version URI
Cloudbees Jenkins 1.466 cpe:/a:cloudbees:jenkins:1.466::~~enterprise~~~
Cloudbees Jenkins 1.480 cpe:/a:cloudbees:jenkins:1.480::~~enterprise~~~
  1. Cloudbees (1) Search CVE
    1. Jenkins (2) Search CVE
      1. 1.466
      2. 1.480

CWE

ID Name Description Links
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. CVE

History of changes

Date Event
2018-12-06 20:43
2018-10-30 16:27
2017-08-29 06:22
2014-04-10 20:29

New CVE