CVE-2013-5573 — Jenkins allows Cross-Site Scripting (XSS) in User Configuration

Description

Cross-site scripting (XSS) vulnerability in the default markup formatter in Jenkins 1.523 allows remote attackers to inject arbitrary web script or HTML via the Description field in the user configuration.

How to fix CVE-2013-5573

No fixed version has been published yet. Mitigate by removing the affected package or applying upstream guidance from the references below.

Maven/org.jenkins-ci.main:jenkins-core—no fix listed

Is CVE-2013-5573 being exploited?

Low — EPSS is 1.6%, meaning exploitation activity has not been observed at scale.

Affected packages (1)

from 0, <= 1.523

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 4.0	—	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N

References (8)

ADVISORYnvd.nist.gov/vuln/detail/CVE-2013-5573
PATCHgithub.com/jenkinsci/jenkins
WEBpacketstormsecurity.com/files/124513
WEBseclists.org/bugtraq/2013/Dec/104
WEBseclists.org/fulldisclosure/2013/Dec/159