
797 matches found

OSV
added 2022/08/01 8:30 p.m. | 20 views

CVE-2022-31191 Cross Site Scripting possible in DSpace JSPUI spellcheck and autocomplete tools

DSpace open source software is a repository application which provides durable access to digital resources. dspace-jspui is a UI component for DSpace. The JSPUI spellcheck "Did you mean" HTML escapes the data-spell attribute in the link, but not the actual displayed text. Similarly, the JSPUI...

CVSS 7.1 | AI score 6.2 | EPSS 0.00442
Exploits 0 | References 7
OpenVAS
added 2022/07/18 12:0 a.m. | 18 views

Fedora: Security Advisory for golang-github-spf13-cobra (FEDORA-2022-3969b64d4b)

The remote host is missing an update for the Copyright (C) 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

CVSS 9.3 | AI score 8.9 | EPSS 0.00963
Exploits 4 | References 2
OpenVAS
added 2022/07/06 12:0 a.m. | 18 views

Fedora: Security Advisory for golang-github-spf13-cobra (FEDORA-2022-fae3ecee19)

The remote host is missing an update for the Copyright (C) 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

CVSS 9.3 | AI score 8.9 | EPSS 0.00963
Exploits 4 | References 2
ATTACKERKB
added 2022/07/01 6:15 p.m. | 3 views

CVE-2022-0167

An issue has been discovered in GitLab affecting all versions starting from 14.0 before 14.4.5, all versions starting from 14.5.0 before 14.5.3, all versions starting from 14.6.0 before 14.6.2. GitLab was not disabling the Autocomplete attribute of fields related to sensitive information making i...

CVSS 6.1 | AI score 6.1 | EPSS 0.00203
Exploits 1 | References 3 | Affected Software 1
UbuntuCve
added 2022/07/01 6:15 p.m. | 25 views

CVE-2022-0167

An issue has been discovered in GitLab affecting all versions starting from 14.0 before 14.4.5, all versions starting from 14.5.0 before 14.5.3, all versions starting from 14.6.0 before 14.6.2. GitLab was not disabling the Autocomplete attribute of fields related to sensitive information making i...

CVSS 6.1 | AI score 6.2 | EPSS 0.00203
Exploits 1 | References 3
Prion
added 2022/07/01 6:15 p.m. | 12 views

Design/Logic Flaw

An issue has been discovered in GitLab affecting all versions starting from 14.0 before 14.4.5, all versions starting from 14.5.0 before 14.5.3, all versions starting from 14.6.0 before 14.6.2. GitLab was not disabling the Autocomplete attribute of fields related to sensitive information making i...

CVSS 4.3 | AI score 6 | EPSS 0.00203
Exploits 1 | References 2 | Affected Software 1
Debian CVE
added 2022/07/01 5:2 p.m. | 36 views

CVE-2022-0167

Removed by vendor...

CVSS 6.1 | AI score 6.3 | EPSS 0.00203
Exploits 1
CVE
added 2022/07/01 5:2 p.m. | 81 views

CVE-2022-0167

GitLab CVE-2022-0167 affects 14.0–14.4.4, 14.5.0–14.5.2, and 14.6.0–14.6.1. Root cause: GitLab did not disable the autocomplete attribute on fields related to sensitive information, enabling information disclosure under certain conditions. Impact: information disclosure of sensitive data (non-con...

CVSS 6.1 | AI score 5.9 | EPSS 0.00203
Exploits 1 | References 2 | Affected Software 1
OSV
added 2022/07/01 5:2 p.m. | 13 views

CVE-2022-0167

An issue has been discovered in GitLab affecting all versions starting from 14.0 before 14.4.5, all versions starting from 14.5.0 before 14.5.3, all versions starting from 14.6.0 before 14.6.2. GitLab was not disabling the Autocomplete attribute of fields related to sensitive information making i...

CVSS 3.1 | AI score 5.8 | EPSS 0.00203
Exploits 1 | References 4
OSSF Malicious Packages
added 2022/06/20 8:21 p.m. | 2 views

Malicious code in vscode-zk-autocomplete (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ef6c5ab582b886133c756b804fd654aed0d7d98e7ef453af9235dfcf1f21e623 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 6.9
Exploits 0 | References 1
OSV
added 2022/06/20 8:21 p.m. | 9 views

MAL-2022-6979 Malicious code in vscode-zk-autocomplete (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ef6c5ab582b886133c756b804fd654aed0d7d98e7ef453af9235dfcf1f21e623 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 7
Exploits 0 | References 1
OSSF Malicious Packages
added 2022/06/20 8:15 p.m. | 3 views

Malicious code in wafer-autocomplete (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 48040396ab61d07f0b56dbdb4430e079bac7b3b7ba3af6e9357f9cef0459105a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 6.9
Exploits 0 | References 1
OSV
added 2022/06/20 7:27 a.m. | 7 views

MAL-2022-1642 Malicious code in boilerplate-fig-autocomplete (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 67389c3e44cfbfd442d460784b14296f67697f35c7c4ea8077f730582e56c619 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 7
Exploits 0 | References 1
OSSF Malicious Packages
added 2022/06/20 7:27 a.m. | 2 views

Malicious code in boilerplate-fig-autocomplete (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 67389c3e44cfbfd442d460784b14296f67697f35c7c4ea8077f730582e56c619 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 6.9
Exploits 0 | References 1
CNVD
added 2022/05/19 12:0 a.m. | 14 views

Jenkins Autocomplete Parameter Plugin Cross-Site Request Forgery Vulnerability

Jenkins and Jenkins Plugin are both Jenkins open source products. Jenkins is an application. Jenkins Plugin is an application that provides hundreds of plugins to support building, deploying, and automating any project. The vulnerability can be exploited to execute arbitrary code without sandbox...

CVSS 8.8 | AI score 2.2 | EPSS 0.00115
Exploits 0 | References 1
CNVD
added 2022/05/19 12:0 a.m. | 15 views

Jenkins Autocomplete Parameter Plugin Cross-Site Scripting Vulnerability (CNVD-2022-49967)

Jenkins and Jenkins Plugin are both Jenkins open source products. Jenkins is an application. Jenkins Plugin is an application that provides hundreds of plugins to support building, deploying, and automating any project. Jenkins Autocomplete Parameter Plugin 1.1 and earlier versions have a cross-si...

CVSS 5.4 | AI score 2.1 | EPSS 0.00217
Exploits 0 | References 1
OSV
added 2022/05/18 12:0 a.m. | 29 views

GHSA-7C3V-2JJV-HQ3C Cross-Site Request Forgery in Jenkins Autocomplete Parameter Plugin

A cross-site request forgery (CSRF) vulnerability in Jenkins Autocomplete Parameter Plugin 1.1 and earlier allows attackers to execute arbitrary code without sandbox protection if the victim is an administrator...

CVSS 8.8 | AI score 9 | EPSS 0.00115
Exploits 0 | References 3
OSV
added 2022/05/18 12:0 a.m. | 61 views

GHSA-CJ9J-V8JP-6HM9 Cross-site Scripting in Jenkins Autocomplete Parameter Plugin

Jenkins Autocomplete Parameter Plugin 1.1 and earlier references Dropdown Autocomplete parameter and Auto Complete String parameter names in an unsafe manner from JavaScript embedded in view definitions, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with...

CVSS 8 | AI score 5.6 | EPSS 0.00217
Exploits 0 | References 3
Github Security Blog
added 2022/05/18 12:0 a.m. | 30 views

Cross-Site Request Forgery in Jenkins Autocomplete Parameter Plugin

A cross-site request forgery (CSRF) vulnerability in Jenkins Autocomplete Parameter Plugin 1.1 and earlier allows attackers to execute arbitrary code without sandbox protection if the victim is an administrator...

CVSS 8.8 | AI score 8.9 | EPSS 0.00115
Exploits 0 | References 3 | Affected Software 1
Github Security Blog
added 2022/05/18 12:0 a.m. | 32 views

Cross-site Scripting in Jenkins Autocomplete Parameter Plugin

Jenkins Autocomplete Parameter Plugin 1.1 and earlier references Dropdown Autocomplete parameter and Auto Complete String parameter names in an unsafe manner from JavaScript embedded in view definitions, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with...

CVSS 5.4 | AI score 5.6 | EPSS 0.00217
Exploits 0 | References 3 | Affected Software 1