Vulnerability Instance
Look up vulnerabilities affecting packages.
GET /api/vulnerabilities/44140?format=api
{ "url": "http://public2.vulnerablecode.io/api/vulnerabilities/44140?format=api", "vulnerability_id": "VCID-qctz-vs9y-s7fr", "summary": "Jenkins allows Cross-Site Scripting (XSS) in User Configuration\nCross-site scripting (XSS) vulnerability in the default markup formatter in Jenkins 1.523 allows remote attackers to inject arbitrary web script or HTML via the Description field in the user configuration.", "aliases": [ { "alias": "CVE-2013-5573" }, { "alias": "GHSA-52g6-pfrq-rxfv" } ], "fixed_packages": [], "affected_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/63488?format=api", "purl": "pkg:maven/org.jenkins-ci.main/jenkins-core@1.523", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-qctz-vs9y-s7fr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@1.523" }, { "url": "http://public2.vulnerablecode.io/api/packages/175287?format=api", "purl": "pkg:rpm/redhat/jenkins@1.565.3-1?arch=el6op", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-23j3-mret-p3fu" }, { "vulnerability": "VCID-44e7-q5az-kfdd" }, { "vulnerability": "VCID-4swh-vw4s-2kd3" }, { "vulnerability": "VCID-86yj-6jrx-audb" }, { "vulnerability": "VCID-8du4-pguk-xufz" }, { "vulnerability": "VCID-dyzn-kn37-9ub7" }, { "vulnerability": "VCID-gngu-jj3a-8fhk" }, { "vulnerability": "VCID-jrar-ahy7-4ud5" }, { "vulnerability": "VCID-jutz-hc8r-vqbg" }, { "vulnerability": "VCID-k36j-f4b3-8bfj" }, { "vulnerability": "VCID-mq9r-9w5v-huca" }, { "vulnerability": "VCID-p8y3-m68e-xfgn" }, { "vulnerability": "VCID-pd5w-n7r7-b7g8" }, { "vulnerability": "VCID-prkz-18vj-huam" }, { "vulnerability": "VCID-qctz-vs9y-s7fr" }, { "vulnerability": "VCID-qrku-1znm-6ken" }, { "vulnerability": "VCID-rczn-8mhg-r3gt" }, { "vulnerability": "VCID-u5tc-wg7e-hugj" }, { "vulnerability": "VCID-wbmv-s3gz-xfe4" }, { "vulnerability": "VCID-ww5y-dfs2-ubef" }, { "vulnerability": "VCID-xazs-qswk-97hg" }, { 
"vulnerability": "VCID-z5nz-eya3-ebez" }, { "vulnerability": "VCID-zwgz-acg7-sbh3" }, { "vulnerability": "VCID-zyc8-haw1-53dc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/jenkins@1.565.3-1%3Farch=el6op" }, { "url": "http://public2.vulnerablecode.io/api/packages/175117?format=api", "purl": "pkg:rpm/redhat/jenkins-plugin-openshift@0.6.40.1-0?arch=el6op", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-23j3-mret-p3fu" }, { "vulnerability": "VCID-44e7-q5az-kfdd" }, { "vulnerability": "VCID-4swh-vw4s-2kd3" }, { "vulnerability": "VCID-86yj-6jrx-audb" }, { "vulnerability": "VCID-8du4-pguk-xufz" }, { "vulnerability": "VCID-dyzn-kn37-9ub7" }, { "vulnerability": "VCID-gngu-jj3a-8fhk" }, { "vulnerability": "VCID-jrar-ahy7-4ud5" }, { "vulnerability": "VCID-jutz-hc8r-vqbg" }, { "vulnerability": "VCID-k36j-f4b3-8bfj" }, { "vulnerability": "VCID-mq9r-9w5v-huca" }, { "vulnerability": "VCID-p8y3-m68e-xfgn" }, { "vulnerability": "VCID-pd5w-n7r7-b7g8" }, { "vulnerability": "VCID-prkz-18vj-huam" }, { "vulnerability": "VCID-qctz-vs9y-s7fr" }, { "vulnerability": "VCID-qrku-1znm-6ken" }, { "vulnerability": "VCID-rczn-8mhg-r3gt" }, { "vulnerability": "VCID-u5tc-wg7e-hugj" }, { "vulnerability": "VCID-wbmv-s3gz-xfe4" }, { "vulnerability": "VCID-ww5y-dfs2-ubef" }, { "vulnerability": "VCID-xazs-qswk-97hg" }, { "vulnerability": "VCID-z5nz-eya3-ebez" }, { "vulnerability": "VCID-zwgz-acg7-sbh3" }, { "vulnerability": "VCID-zyc8-haw1-53dc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/jenkins-plugin-openshift@0.6.40.1-0%3Farch=el6op" }, { "url": "http://public2.vulnerablecode.io/api/packages/175372?format=api", "purl": "pkg:rpm/redhat/openshift-origin-cartridge-jenkins@1.20.3.5-1?arch=el6op", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-23j3-mret-p3fu" }, { "vulnerability": "VCID-44e7-q5az-kfdd" }, { "vulnerability": "VCID-4swh-vw4s-2kd3" }, { "vulnerability": 
"VCID-86yj-6jrx-audb" }, { "vulnerability": "VCID-dyzn-kn37-9ub7" }, { "vulnerability": "VCID-gngu-jj3a-8fhk" }, { "vulnerability": "VCID-jrar-ahy7-4ud5" }, { "vulnerability": "VCID-jutz-hc8r-vqbg" }, { "vulnerability": "VCID-k36j-f4b3-8bfj" }, { "vulnerability": "VCID-mq9r-9w5v-huca" }, { "vulnerability": "VCID-p8y3-m68e-xfgn" }, { "vulnerability": "VCID-pd5w-n7r7-b7g8" }, { "vulnerability": "VCID-prkz-18vj-huam" }, { "vulnerability": "VCID-qctz-vs9y-s7fr" }, { "vulnerability": "VCID-qrku-1znm-6ken" }, { "vulnerability": "VCID-rczn-8mhg-r3gt" }, { "vulnerability": "VCID-u5tc-wg7e-hugj" }, { "vulnerability": "VCID-wbmv-s3gz-xfe4" }, { "vulnerability": "VCID-xazs-qswk-97hg" }, { "vulnerability": "VCID-z5nz-eya3-ebez" }, { "vulnerability": "VCID-zwgz-acg7-sbh3" }, { "vulnerability": "VCID-zyc8-haw1-53dc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/openshift-origin-cartridge-jenkins@1.20.3.5-1%3Farch=el6op" } ], "references": [ { "reference_url": "http://packetstormsecurity.com/files/124513", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://packetstormsecurity.com/files/124513" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-5573.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-5573.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-5573", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01627", "scoring_system": "epss", "scoring_elements": "0.8224", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.01627", "scoring_system": "epss", "scoring_elements": "0.82239", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.01627", 
"scoring_system": "epss", "scoring_elements": "0.82238", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.01627", "scoring_system": "epss", "scoring_elements": "0.82209", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-5573" }, { "reference_url": "http://seclists.org/bugtraq/2013/Dec/104", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://seclists.org/bugtraq/2013/Dec/104" }, { "reference_url": "http://seclists.org/fulldisclosure/2013/Dec/159", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://seclists.org/fulldisclosure/2013/Dec/159" }, { "reference_url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89872", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89872" }, { "reference_url": "https://github.com/jenkinsci/jenkins", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/jenkinsci/jenkins" }, { "reference_url": "https://web.archive.org/web/20200229071540/http://www.securityfocus.com/bid/64414", 
"reference_id": "", "reference_type": "", "scores": [ { "value": "2.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20200229071540/http://www.securityfocus.com/bid/64414" }, { "reference_url": "http://www.exploit-db.com/exploits/30408", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.exploit-db.com/exploits/30408" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1044976", "reference_id": "1044976", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1044976" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2013-5573", "reference_id": "CVE-2013-5573", "reference_type": "", "scores": [ { "value": "2.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-5573" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/30408.txt", "reference_id": "CVE-2013-5573;OSVDB-101187", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/30408.txt" }, { "reference_url": "https://github.com/advisories/GHSA-52g6-pfrq-rxfv", "reference_id": "GHSA-52g6-pfrq-rxfv", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-52g6-pfrq-rxfv" } ], "weaknesses": [ { "cwe_id": 79, "name": "Improper Neutralization of Input During Web Page Generation ('Cross-site 
Scripting')", "description": "The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users." }, { "cwe_id": 937, "name": "OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities", "description": "Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013." }, { "cwe_id": 1035, "name": "OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities", "description": "Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017." }, { "cwe_id": 96, "name": "Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection')", "description": "The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes code syntax before inserting the input into an executable resource, such as a library, configuration file, or template." } ], "exploits": [ { "date_added": "2013-12-21", "description": "Jenkins 1.523 - Persistent HTML Code", "required_action": null, "due_date": null, "notes": null, "known_ransomware_campaign_use": false, "source_date_published": "2013-12-18", "exploit_type": "webapps", "platform": "php", "source_date_updated": "2013-12-21", "data_source": "Exploit-DB", "source_url": "" } ], "severity_range_score": "0.1 - 3", "exploitability": "2.0", "weighted_severity": "2.7", "risk_score": 5.4, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qctz-vs9y-s7fr" }