Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-y95w-2r5s-gufd

Summary

Jenkins allows Cross-Site Scripting (XSS) in User Configuration
Cross-site scripting (XSS) vulnerability in the default markup formatter in Jenkins 1.523 allows remote attackers to inject arbitrary web script or HTML via the Description field in the user configuration.

Aliases

alias	CVE-2013-5573

alias	GHSA-52g6-pfrq-rxfv

Fixed_packages

Affected_packages

url pkg:maven/org.jenkins-ci.main/jenkins-core@1.523

purl pkg:maven/org.jenkins-ci.main/jenkins-core@1.523

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-y95w-2r5s-gufd

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@1.523

url pkg:rpm/redhat/jenkins@1.565.3-1?arch=el6op

purl pkg:rpm/redhat/jenkins@1.565.3-1?arch=el6op

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1r79-ts6t-hufh

vulnerability	VCID-1zas-w8w2-4ydr

vulnerability	VCID-28y2-gqhb-k7ak

vulnerability	VCID-2vbv-gzfv-83ae

vulnerability	VCID-4hfu-spf7-a3hw

vulnerability	VCID-52sp-kv9t-gye3

vulnerability	VCID-5ey2-dm5w-y7a6

vulnerability	VCID-6avm-s2zj-5qex

vulnerability	VCID-6qdw-fvzm-4kdx

vulnerability	VCID-7p5d-b885-sycx

vulnerability	VCID-bkyy-edpd-m3cy

vulnerability	VCID-bn9w-mr5k-ufen

vulnerability	VCID-c43n-xyfr-aqbe

vulnerability	VCID-ds2c-vfv9-1yhf

vulnerability	VCID-fnh5-jm4p-6yc8

vulnerability	VCID-hvd6-bj7t-q7fj

vulnerability	VCID-napq-s84t-dfct

vulnerability	VCID-nwz6-6gd9-gyac

vulnerability	VCID-r79s-gp2g-13b7

vulnerability	VCID-u21t-wbdr-auez

vulnerability	VCID-u321-xdwe-gfdp

vulnerability	VCID-vznw-vuay-7bcg

vulnerability	VCID-w6we-64uv-d3h7

vulnerability	VCID-y95w-2r5s-gufd

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/jenkins@1.565.3-1%3Farch=el6op

url pkg:rpm/redhat/jenkins-plugin-openshift@0.6.40.1-0?arch=el6op

purl pkg:rpm/redhat/jenkins-plugin-openshift@0.6.40.1-0?arch=el6op

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1r79-ts6t-hufh

vulnerability	VCID-1zas-w8w2-4ydr

vulnerability	VCID-28y2-gqhb-k7ak

vulnerability	VCID-2vbv-gzfv-83ae

vulnerability	VCID-4hfu-spf7-a3hw

vulnerability	VCID-52sp-kv9t-gye3

vulnerability	VCID-5ey2-dm5w-y7a6

vulnerability	VCID-6avm-s2zj-5qex

vulnerability	VCID-6qdw-fvzm-4kdx

vulnerability	VCID-7p5d-b885-sycx

vulnerability	VCID-bkyy-edpd-m3cy

vulnerability	VCID-bn9w-mr5k-ufen

vulnerability	VCID-c43n-xyfr-aqbe

vulnerability	VCID-ds2c-vfv9-1yhf

vulnerability	VCID-fnh5-jm4p-6yc8

vulnerability	VCID-hvd6-bj7t-q7fj

vulnerability	VCID-napq-s84t-dfct

vulnerability	VCID-nwz6-6gd9-gyac

vulnerability	VCID-r79s-gp2g-13b7

vulnerability	VCID-u21t-wbdr-auez

vulnerability	VCID-u321-xdwe-gfdp

vulnerability	VCID-vznw-vuay-7bcg

vulnerability	VCID-w6we-64uv-d3h7

vulnerability	VCID-y95w-2r5s-gufd

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/jenkins-plugin-openshift@0.6.40.1-0%3Farch=el6op

url pkg:rpm/redhat/openshift-origin-cartridge-jenkins@1.20.3.5-1?arch=el6op

purl pkg:rpm/redhat/openshift-origin-cartridge-jenkins@1.20.3.5-1?arch=el6op

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1zas-w8w2-4ydr

vulnerability	VCID-28y2-gqhb-k7ak

vulnerability	VCID-2vbv-gzfv-83ae

vulnerability	VCID-4hfu-spf7-a3hw

vulnerability	VCID-52sp-kv9t-gye3

vulnerability	VCID-6avm-s2zj-5qex

vulnerability	VCID-6qdw-fvzm-4kdx

vulnerability	VCID-7p5d-b885-sycx

vulnerability	VCID-bkyy-edpd-m3cy

vulnerability	VCID-bn9w-mr5k-ufen

vulnerability	VCID-c43n-xyfr-aqbe

vulnerability	VCID-ds2c-vfv9-1yhf

vulnerability	VCID-fnh5-jm4p-6yc8

vulnerability	VCID-hvd6-bj7t-q7fj

vulnerability	VCID-napq-s84t-dfct

vulnerability	VCID-nwz6-6gd9-gyac

vulnerability	VCID-r79s-gp2g-13b7

vulnerability	VCID-u21t-wbdr-auez

vulnerability	VCID-u321-xdwe-gfdp

vulnerability	VCID-vznw-vuay-7bcg

vulnerability	VCID-w6we-64uv-d3h7

vulnerability	VCID-y95w-2r5s-gufd

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/openshift-origin-cartridge-jenkins@1.20.3.5-1%3Farch=el6op

References

reference_url

http://packetstormsecurity.com/files/124513

reference_id

reference_type

scores

value	2.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

http://packetstormsecurity.com/files/124513

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-5573.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-5573.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2013-5573

reference_id

reference_type

scores

value	0.01627
scoring_system	epss
scoring_elements	0.81908
published_at	2026-04-21T12:55:00Z

value	0.01627
scoring_system	epss
scoring_elements	0.81867
published_at	2026-04-09T12:55:00Z

value	0.01627
scoring_system	epss
scoring_elements	0.81931
published_at	2026-04-24T12:55:00Z

value	0.01627
scoring_system	epss
scoring_elements	0.81906
published_at	2026-04-18T12:55:00Z

value	0.01627
scoring_system	epss
scoring_elements	0.81869
published_at	2026-04-13T12:55:00Z

value	0.01627
scoring_system	epss
scoring_elements	0.81874
published_at	2026-04-12T12:55:00Z

value	0.01627
scoring_system	epss
scoring_elements	0.81886
published_at	2026-04-11T12:55:00Z

value	0.01627
scoring_system	epss
scoring_elements	0.8186
published_at	2026-04-08T12:55:00Z

value	0.02425
scoring_system	epss
scoring_elements	0.85101
published_at	2026-04-04T12:55:00Z

value	0.02425
scoring_system	epss
scoring_elements	0.85083
published_at	2026-04-02T12:55:00Z

value	0.02425
scoring_system	epss
scoring_elements	0.8507
published_at	2026-04-01T12:55:00Z

value	0.02425
scoring_system	epss
scoring_elements	0.85105
published_at	2026-04-07T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2013-5573

reference_url

http://seclists.org/bugtraq/2013/Dec/104

reference_id

reference_type

scores

value	2.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

http://seclists.org/bugtraq/2013/Dec/104

reference_url

http://seclists.org/fulldisclosure/2013/Dec/159

reference_id

reference_type

scores

value	2.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

http://seclists.org/fulldisclosure/2013/Dec/159

reference_url

https://exchange.xforce.ibmcloud.com/vulnerabilities/89872

reference_id

reference_type

scores

value	2.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://exchange.xforce.ibmcloud.com/vulnerabilities/89872

reference_url

https://github.com/jenkinsci/jenkins

reference_id

reference_type

scores

value	2.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/jenkinsci/jenkins

reference_url

https://web.archive.org/web/20200229071540/http://www.securityfocus.com/bid/64414

reference_id

reference_type

scores

value	2.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20200229071540/http://www.securityfocus.com/bid/64414

reference_url

http://www.exploit-db.com/exploits/30408

reference_id

reference_type

scores

value	2.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

http://www.exploit-db.com/exploits/30408

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1044976
reference_id	1044976
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1044976

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2013-5573

reference_id

CVE-2013-5573

reference_type

scores

value	2.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2013-5573

reference_url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/30408.txt
reference_id	CVE-2013-5573;OSVDB-101187
reference_type	exploit
scores
url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/30408.txt

reference_url

https://github.com/advisories/GHSA-52g6-pfrq-rxfv

reference_id

GHSA-52g6-pfrq-rxfv

reference_type

scores

value	LOW
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-52g6-pfrq-rxfv

Weaknesses

cwe_id	79
name	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
description	The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

cwe_id	937
name	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.

cwe_id	1035
name	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.

cwe_id	96
name	Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection')
description	The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes code syntax before inserting the input into an executable resource, such as a library, configuration file, or template.

Exploits

date_added	2013-12-21
description	Jenkins 1.523 - Persistent HTML Code
required_action	`null`
due_date	`null`
notes	`null`
known_ransomware_campaign_use	`false`
source_date_published	2013-12-18
exploit_type	webapps
platform	php
source_date_updated	2013-12-21
data_source	Exploit-DB
source_url

Severity_range_score 0.1 - 3

Exploitability 2.0

Weighted_severity 2.7

Risk_score 5.4

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-y95w-2r5s-gufd

Vulnerability Instance