CVE-2011-4344
Jenkins < 1.438 and 1.409 LTS < 1.409.3 - Cross-Site Scripting via Error Message
Title source: llmDescription
Cross-site scripting (XSS) vulnerability in Jenkins Core in Jenkins before 1.438, and 1.409 LTS before 1.409.3 LTS, when a stand-alone container is used, allows remote attackers to inject arbitrary web script or HTML via vectors related to error messages.
References (7)
Core 7
Core References
Patch mailing-list
x_refsource_mlist
http://openwall.com/lists/oss-security/2011/11/23/6
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/50786
Patch, Vendor Advisory x_refsource_confirm
http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2011-11-08.cb
Patch mailing-list
x_refsource_mlist
http://openwall.com/lists/oss-security/2011/11/23/5
Patch x_refsource_confirm
https://github.com/jenkinsci/winstone/commit/410ed3001d51c689cf59085b7417466caa2ded7b.patch
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/46911
Mailing List mailing-list
x_refsource_mlist
http://groups.google.com/group/jenkinsci-advisories/msg/1b94588f90f876b5?dmode=source&output=gplain
Scores
EPSS
0.0038
EPSS Percentile
59.8%
Details
CWE
CWE-79
Status
published
Products (4)
jenkins/jenkins
1.409.1
jenkins/jenkins
1.409.2
jenkins/jenkins
< 1.437
org.jenkins-ci.main/jenkins-core
0 - 1.409.3Maven
Published
Dec 01, 2011
Tracked Since
Feb 18, 2026