CVSS: 4.3EPSS: 0%CPEs: 144EXPL: 0CVE-2012-0324
https://notcve.org/view.php?id=CVE-2012-0324
Cross-site scripting (XSS) vulnerability in Jenkins before 1.454, Jenkins LTS before 1.424.5, and Jenkins Enterprise 1.400.x before 1.400.0.13 and 1.424.x before 1.424.5.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2012-0325. Vulnerabilidad de XSS en Jenkins en versiones anteriores a 1.454, Jenkins LTS en versiones anteriores a 1.424.5 y Jenkins Enterprise 1.400.x en versiones anteriores a 1.400.0.13 y 1.424.x en versiones anteriores a 1.424.5.1 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de vectores no especificados, una vulnerabilidad diferente a CVE-2012-0325. • http://jvn.jp/en/jp/JVN14791558/index.html http://jvndb.jvn.jp/jvndb/JVNDB-2012-000022 http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2012-03-05.cb http://www.securityfocus.com/bid/52384 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •