CVE-2013-2033

Jenkins < 1.509.1 - XSS

Title source: rule

Description

Cross-site scripting (XSS) vulnerability in Jenkins before 1.514, LTS before 1.509.1, and Enterprise 1.466.x before 1.466.14.1 and 1.480.x before 1.480.4.1 allows remote authenticated users with write permission to inject arbitrary web script or HTML via unspecified vectors.

References (3)

[Broken Link] http://osvdb.org/92982

[Vendor Advisory] http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2013-05-02.cb

[VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/84004

Scores

EPSS 0.0018

EPSS Percentile 39.1%

Details

CWE

CWE-79

Status published

Products (5)

jenkins/jenkins < 1.509.1

jenkins/jenkins < 1.514

cloudbees/jenkins < 1.466.14.1

org.jenkins-ci.main/jenkins-core < 1.509.1Maven

n/a/n/a

Published Apr 10, 2014

Tracked Since Feb 18, 2026