CVSS base score: 3.5

CVE-2012-6074

Cross-site scripting (XSS) vulnerability in Jenkins before 1.491, Jenkins LTS before 1.480.1, and Jenkins Enterprise 1.424.x before 1.424.6.13, 1.447.x before 1.447.4.1, and 1.466.x before 1.466.10.1 allows remote authenticated users with write access to inject arbitrary web script or HTML via unspecified vectors.

Data is provided by the National Vulnerability Database (NVD)
Cloudbees Jenkins, Version <= 1.480.3.1
Jenkins Jenkins, Version 1.400
Jenkins Jenkins, Version 1.401
Jenkins Jenkins, Version 1.402
Jenkins Jenkins, Version 1.403
Jenkins Jenkins, Version 1.404
Jenkins Jenkins, Version 1.405
Jenkins Jenkins, Version 1.406
Jenkins Jenkins, Version 1.407
Jenkins Jenkins, Version 1.408
Jenkins Jenkins, Version 1.409
Jenkins Jenkins, Version 1.410
Jenkins Jenkins, Version 1.411
Jenkins Jenkins, Version 1.412
Jenkins Jenkins, Version 1.413
Jenkins Jenkins, Version 1.414
Jenkins Jenkins, Version 1.415
Jenkins Jenkins, Version 1.416
Jenkins Jenkins, Version 1.417
Jenkins Jenkins, Version 1.418
Jenkins Jenkins, Version 1.419
Jenkins Jenkins, Version 1.420
Jenkins Jenkins, Version 1.421
Jenkins Jenkins, Version 1.422
Jenkins Jenkins, Version 1.423
Jenkins Jenkins, Version 1.424
Jenkins Jenkins, Version 1.425
Jenkins Jenkins, Version 1.426
Jenkins Jenkins, Version 1.427
Jenkins Jenkins, Version 1.428
Jenkins Jenkins, Version 1.429
Jenkins Jenkins, Version 1.430
Jenkins Jenkins, Version 1.431
Jenkins Jenkins, Version 1.432
Jenkins Jenkins, Version 1.433
Jenkins Jenkins, Version 1.434
Jenkins Jenkins, Version 1.435
Jenkins Jenkins, Version 1.436
Jenkins Jenkins, Version 1.437
Cloudbees Jenkins, Version 1.447.1.1, Update -, Edition enterprise
Cloudbees Jenkins, Version 1.447.2.2, Update -, Edition enterprise
Cloudbees Jenkins, Version 1.447.3.1, Update -, Edition enterprise
Cloudbees Jenkins, Version 1.424.0.2, Update -, Edition enterprise
Cloudbees Jenkins, Version 1.424.0.4, Update -, Edition enterprise
Cloudbees Jenkins, Version 1.424.1.1, Update -, Edition enterprise
Cloudbees Jenkins, Version 1.424.2.1, Update -, Edition enterprise
Cloudbees Jenkins, Version 1.424.4.1, Update -, Edition enterprise
Cloudbees Jenkins, Version 1.424.5.1, Update -, Edition enterprise
Cloudbees Jenkins, Version 1.424.6.1, Update -, Edition enterprise
Cloudbees Jenkins, Version 1.424.6.11, Update -, Edition enterprise
Cloudbees Jenkins, Version 1.466.1.2, Update -, Edition enterprise
Cloudbees Jenkins, Version 1.466.2.1, Update -, Edition enterprise
Cloudbees Jenkins, Version 1.400, Update -, Edition lts
Cloudbees Jenkins, Version 1.424, Update -, Edition lts
Cloudbees Jenkins, Version 1.447, Update -, Edition lts
Jenkins Jenkins, Version <= 1.466.2
Jenkins Jenkins, Version 1.409.1
Jenkins Jenkins, Version 1.409.2
Jenkins Jenkins, Version 1.409.3
Jenkins Jenkins, Version 1.424.1
Jenkins Jenkins, Version 1.424.2
Jenkins Jenkins, Version 1.424.3
Jenkins Jenkins, Version 1.424.4
Jenkins Jenkins, Version 1.424.5
Jenkins Jenkins, Version 1.424.6
Jenkins Jenkins, Version 1.447.1
Jenkins Jenkins, Version 1.447.2
Jenkins Jenkins, Version 1.466.1
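No CISA KEV entry or CERT.AT warning was found for this CVE.

EPSS Metrics

| Type | Source | Score | Percentile |
|------|--------|-------|------------|
| EPSS | FIRST.org | 0.23% | 0.424 |

CVSS Metrics

| Source | Base Score | Exploit Score | Impact Score | Vector string |
|--------|------------|---------------|--------------|---------------|
| nvd@nist.gov | 3.5 | 6.8 | 2.9 | AV:N/AC:M/Au:S/C:N/I:P/A:N |
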
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.