JetBrains TeamCity Cross-Site Scripting Vulnerability (CNVD-2023-62634)
JetBrains TeamCity is a set of distributed build management and continuous integration tools from the Czech company JetBrains. The tool provides continuous unit testing, code quality analysis, build problem analysis reports, and other features. A cross-site scripting vulnerability exists in...
CVE-2020-23064
A flaw was found in jQuery, where it is vulnerable to Cross-site scripting, caused by the improper validation of user-supplied input by the element. This flaw allows a remote attacker to use a specially crafted URL to execute a script in a victim's web browser within the security context of the...
USN-6189-1 etcd vulnerability
It was discovered that etcd leaked credentials when debugging was enabled. This allowed remote attackers to discover etcd authentication credentials and possibly escalate privileges on systems using etcd...
CVE-2023-35145
A flaw was found in the Jenkins Sonargraph Integration Plugin, where it is vulnerable to Cross-site scripting caused by the improper validation of user-supplied input. This flaw allows a remote, authenticated attacker to inject malicious script into a Web page, which would be executed in a victim...
CVE-2023-35144
A flaw was found in the Jenkins Maven Repository Server Plugin, where it is vulnerable to Cross-site scripting caused by the improper validation of user-supplied input. A remote, authenticated attacker could exploit this vulnerability to inject malicious script into a web page, which would be...
CVE-2023-35143
A flaw was found in the Jenkins Maven Repository Server Plugin, where it is vulnerable to Cross-site scripting caused by the improper validation of user-supplied input. A remote, authenticated attacker can inject malicious script into a web page, which would be executed in a victim's web browser...
WordPress Plugin Coming Soon Page & Maintenance Mode Cross-Site Scripting Vulnerability
WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in the WordPress plugin Coming Soon Page & Maintenance Mode, which can be exploited by an attacker to...
WordPress Photo Gallery Cross-Site Scripting Vulnerability
WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in WordPress Photo Gallery, which can be exploited by an attacker to execute script in a victim's web...
CVE-2023-2121
A flaw was found in HashiCorp Vault and Vault Enterprise, where they are vulnerable to Cross-site scripting caused by improper validation of user-supplied input by the key-value v2 (kv-v2) diff viewer. A remote, authenticated attacker can inject malicious script into a Web page which would be...
Amazon Linux AMI : squid (ALAS-2023-1766)
The version of squid installed on the remote host is prior to 3.5.20-17.48. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2023-1766 advisory. Incorrect HTTP Request header comparison in Squid HTTP Proxy 3.5.0.1 through 3.5.22, and 4.0.1 through 4.0.16 results in...
Security Bulletin: There is a vulnerability in jQuery UI used by IBM Maximo Asset Management (CVE-2022-31160)
Summary: There is a vulnerability in jQuery UI used by IBM Maximo Asset Management. Vulnerability Details: CVEID: CVE-2022-31160. DESCRIPTION: jQuery UI is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the check-box-radio widget. A remote attacker could...
CVE-2023-22862 IBM Aspera information disclosure
IBM Aspera Connect 4.2.5 and IBM Aspera Cargo 4.2.5 transmit authentication credentials, but use an insecure method that is susceptible to unauthorized interception and/or retrieval...
PT-2023-18736 · Ibm · Ibm Aspera Connect +1
Name of the Vulnerable Software and Affected Versions: IBM Aspera Connect version 4.2.5; IBM Aspera Cargo version 4.2.5. Description: The issue concerns the transmission of authentication credentials using an insecure method, making them susceptible to unauthorized interception and/or retrieval...
CVE-2023-32977
A flaw was found in the Jenkins Pipeline: Job Plugin. Affected versions of Jenkins Pipeline: Job Plugin are vulnerable to Cross-site scripting caused by improper validation of user-supplied input. This flaw allows a remote authenticated attacker to inject malicious script into a Web page, which...
CVE-2023-26567
Sangoma FreePBX versions 1805–2302 (ISO install) expose plaintext credentials by placing AMPDBUSER, AMPDBPASS, AMPMGRUSER, and AMPMGRPASS in the Asterisk Global Variables list. The issue enables retrieval of credentials for the Asterisk Database (MariaDB/MySQL) and Asterisk Manager Interface via ...
Security Bulletin: IBM Engineering Workflow Management (EWM) vulnerabilities CVE-2020-28500, CVE-2021-23337, CVE-2020-8203
Summary: There are vulnerabilities CVE-2020-28500, CVE-2021-23337, CVE-2020-8203 which affect IBM Engineering Workflow Management (EWM). Vulnerability Details: CVEID: CVE-2015-9251. DESCRIPTION: jQuery is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remot...
Security Bulletin: IBM Engineering Workflow Management (EWM) vulnerabilities CVE-2020-28500, CVE-2021-23337, CVE-2020-8203
Summary: There are vulnerabilities CVE-2020-28500, CVE-2021-23337, CVE-2020-8203 which affect IBM Engineering Workflow Management (EWM). Vulnerability Details: CVEID: CVE-2018-20676. DESCRIPTION: Bootstrap is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by t...
Security Bulletin: Multiple vulnerabilities found in third party libraries used by IBM® MobileFirst Platform
Summary: There are multiple vulnerabilities in open source libraries used by IBM MobileFirst Platform Foundation. They are addressed in this update. Vulnerability Details: CVEID: CVE-2015-9251. DESCRIPTION: jQuery is vulnerable to cross-site scripting, caused by improper validation of user-supplied...
Security Bulletin: Vulnerability in IBM Advanced Management Module (CVE-2013-4007)
Summary: A Cross-Site Scripting (XSS) vulnerability is found in the advsw.php page of IBM Advanced Management Module. Vulnerability Details: Abstract: A Cross-Site Scripting (XSS) vulnerability is found in the advsw.php page of IBM Advanced Management Module. Vulnerability Details: CVE ID: CVE-2013-4007. Description:...
Security Bulletin: IBM Security Verify Governance is vulnerable to cross-site scripting, caused by improper validation of user-supplied input related to the HtmlResponseWriter (CVE-2013-5855)
Summary: IBM Security Verify Governance is vulnerable to cross-site scripting, caused by improper validation of user-supplied input related to the HtmlResponseWriter. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim's Web browser within...