12 matches found
CVE-2023-3974
OS Command Injection in GitHub repository jgraph/drawio prior to 21.4.0...
CVE-2022-29183
GoCD is a continuous delivery server. GoCD versions 20.2.0 until 21.4.0 are vulnerable to reflected cross-site scripting via abuse of the pipeline comparison function's error handling to render arbitrary HTML into the returned page. This could allow an attacker to trick a victim into executing co...
CVE-2023-3974
OS Command Injection in GitHub repository jgraph/drawio prior to 21.4.0...
Command injection
OS Command Injection in GitHub repository jgraph/drawio prior to 21.4.0...
CVE-2023-3974 OS Command Injection in jgraph/drawio
OS Command Injection in GitHub repository jgraph/drawio prior to 21.4.0...
CVE-2023-3974 OS Command Injection in jgraph/drawio
OS Command Injection in GitHub repository jgraph/drawio prior to 21.4.0...
JGraph draw.io operating system command injection vulnerability
JGraph draw.io is a configurable chart/whiteboard visualization application from JGraph. An operating system command injection vulnerability exists in JGraph draw.io versions prior to 21.4.0, which stems from vulnerability to operating system command injection attacks...
Cross site scripting
GoCD is a continuous delivery server. GoCD versions 20.2.0 until 21.4.0 are vulnerable to reflected cross-site scripting via abuse of the pipeline comparison function's error handling to render arbitrary HTML into the returned page. This could allow an attacker to trick a victim into executing co...
Cross site scripting
GoCD is a continuous delivery server. GoCD versions 19.11.0 through 21.4.0 inclusive are vulnerable to a Document Object Model (DOM)-based cross-site scripting attack via a pipeline run's Stage Details Graphs tab. It is possible for a malicious script on an attacker-hosted site to execute script tha...
CVE-2022-29183
CVE-2022-29183 affects ThoughtWorks GoCD (versions 20.2.0–21.4.0). A reflected cross-site scripting vulnerability stems from the pipeline comparison function’s error handling, allowing an attacker to render arbitrary HTML in the returned page and potentially manipulate resources accessible to the...
CVE-2022-29183 Reflected XSS in GoCD
GoCD is a continuous delivery server. GoCD versions 20.2.0 until 21.4.0 are vulnerable to reflected cross-site scripting via abuse of the pipeline comparison function's error handling to render arbitrary HTML into the returned page. This could allow an attacker to trick a victim into executing co...
GoCD cross-site scripting vulnerability
GoCD is a continuous delivery server. A cross-site scripting vulnerability exists in GoCD versions 19.11.0 through 21.4.0, which could be exploited by attackers to obtain a GoCD user's session cookie and execute malicious code...