Description
Cross-site scripting (XSS) vulnerability in Jenkins Core in Jenkins before 1.438, and 1.409 LTS before 1.409.3 LTS, when a stand-alone container is used, allows remote attackers to inject arbitrary web script or HTML via vectors related to error messages.
No analysis available yet.
Remediation
No remediation available yet.
Tracking
Sign in to view the affected projects.
Advisories
| Source | ID | Title |
|---|---|---|
EUVD |
EUVD-2011-4275 | Jenkins allows Cross-Site Scripting (XSS) |
Github GHSA |
GHSA-q3rp-555r-hh6r | Jenkins allows Cross-Site Scripting (XSS) |
References
History
No history.
Status: PUBLISHED
Assigner: redhat
Published:
Updated: 2024-08-07T00:01:51.603Z
Reserved: 2011-11-04T00:00:00.000Z
Link: CVE-2011-4344
No data.
Status : Modified
Published: 2011-12-01T11:55:07.317
Modified: 2026-06-16T23:34:48.827
Link: CVE-2011-4344
No data.
OpenCVE Enrichment
No data.
Weaknesses
-
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
EUVD
Github GHSA