CVE-2013-5573
Jenkins 1.523 - Stored Cross-Site Scripting via User Description Field
Title source: llm
Exploitation Summary
EIP tracks 1 public exploit for CVE-2013-5573. PoCs published by Christian Catalano.
AI-analyzed exploit summary
This is a vulnerability writeup for CVE-2013-5573, describing an HTML injection flaw in Jenkins CI v1.523 where the default markup formatter allows offsite-bound forms. The PoC demonstrates how an attacker can inject a malicious form into the 'Description' field, leading to persistent phishing or redirects when viewed by other users.
Description
Cross-site scripting (XSS) vulnerability in the default markup formatter in Jenkins 1.523 allows remote attackers to inject arbitrary web script or HTML via the Description field in the user configuration.