CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

797 matches found

Github Security Blog•added 2022/05/18 12:0 a.m.•31 views

Cross-site Scripting in Jenkins Autocomplete Parameter Plugin

Jenkins Autocomplete Parameter Plugin 1.1 and earlier does not escape the name of Dropdown Autocomplete and Auto Complete String parameters on views displaying parameters. This results in stored cross-site scripting XSS vulnerabilities exploitable by attackers with Item/Configure permission...

5.4CVSS5.7AI score0.00217EPSS

Exploits0References3Affected Software1

OSV•added 2022/05/18 12:0 a.m.•30 views

GHSA-PPWV-MVQG-Q89H Cross-site Scripting in Jenkins Autocomplete Parameter Plugin

8CVSS5.8AI score0.00217EPSS

Exploits0References3

ATTACKERKB•added 2022/05/17 3:15 p.m.•3 views

CVE-2022-30970

Jenkins Autocomplete Parameter Plugin 1.1 and earlier references Dropdown Autocomplete parameter and Auto Complete String parameter names in an unsafe manner from Javascript embedded in view definitions, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with...

5.4CVSS5.9AI score0.00217EPSS

Exploits0References2

NVD•added 2022/05/17 3:15 p.m.•13 views

CVE-2022-30970

5.4CVSS0.00217EPSS

Exploits0References1

OSV•added 2022/05/17 3:15 p.m.•13 views

CVE-2022-30970

5.4CVSS5.3AI score

Exploits0References1

OSV•added 2022/05/17 3:15 p.m.•13 views

CVE-2022-30969

A cross-site request forgery CSRF vulnerability in Jenkins Autocomplete Parameter Plugin 1.1 and earlier allows attackers to execute arbitrary code without sandbox protection if the victim is an administrator...

8.8CVSS9.1AI score

Exploits0References1

NVD•added 2022/05/17 3:15 p.m.•12 views

CVE-2022-30969

8.8CVSS0.00115EPSS

Exploits0References1

ATTACKERKB•added 2022/05/17 3:15 p.m.•2 views

CVE-2022-30969

8.8CVSS7.6AI score0.00115EPSS

Exploits0References2

NVD•added 2022/05/17 3:15 p.m.•28 views

CVE-2022-30961

Jenkins Autocomplete Parameter Plugin 1.1 and earlier does not escape the name of Dropdown Autocomplete and Auto Complete String parameters on views displaying parameters, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission...

5.4CVSS0.00217EPSS

Exploits0References1

ATTACKERKB•added 2022/05/17 3:15 p.m.•2 views

CVE-2022-30961

5.4CVSS6AI score0.00217EPSS

Exploits0References2

OSV•added 2022/05/17 3:15 p.m.•21 views

CVE-2022-30961

5.4CVSS5.4AI score

Exploits0References1

Prion•added 2022/05/17 3:15 p.m.•14 views

Cross site request forgery (csrf)

6.8CVSS9AI score0.00115EPSS

Exploits0References1Affected Software1

Prion•added 2022/05/17 3:15 p.m.•16 views

Cross site scripting

3.5CVSS5.2AI score0.00217EPSS

Exploits0References1Affected Software1

Prion•added 2022/05/17 3:15 p.m.•11 views

Cross site scripting

3.5CVSS5.2AI score0.00217EPSS

Exploits0References1Affected Software1

Cvelist•added 2022/05/17 2:6 p.m.•17 views

CVE-2022-30970

5.7AI score0.00217EPSS

Exploits0References1

CVE•added 2022/05/17 2:6 p.m.•118 views

CVE-2022-30970

CVE-2022-30970 affects Jenkins Autocomplete Parameter Plugin, versions 1.1 and earlier. The vulnerability arises from how Dropdown Autocomplete and Auto Complete String parameter names are referenced in views, with parameters not escaped in JavaScript embedded in view definitions, creating a stor...

5.4CVSS5.3AI score0.00217EPSS

Exploits0References1Affected Software1

Cvelist•added 2022/05/17 2:6 p.m.•11 views

CVE-2022-30969

9.3AI score0.00115EPSS

Exploits0References1

CVE•added 2022/05/17 2:6 p.m.•137 views

CVE-2022-30969

CVE-2022-30969 affects Jenkins Autocomplete Parameter Plugin (versions 1.1 and earlier). The issue is a CSRF flaw that can allow an administrator’s session to run arbitrary code without sandbox protection when visiting a malicious page. Impact per available data: high, with CVSS3.1 base score 8.8...

8.8CVSS9AI score0.00115EPSS

Exploits0References1Affected Software1

Cvelist•added 2022/05/17 2:6 p.m.•23 views

CVE-2022-30961

5.7AI score0.00217EPSS

Exploits0References1

CVE•added 2022/05/17 2:6 p.m.•95 views

CVE-2022-30961

CVE-2022-30961 : Jenkins Autocomplete Parameter Plugin (versions 1.1 and earlier) exposes a stored XSS vulnerability. The plugin does not escape the names of Dropdown Autocomplete and Auto Complete String parameters on views where parameters are displayed, allowing an attacker with Item/Configure...

5.4CVSS5.4AI score0.00217EPSS

Exploits0References1Affected Software1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by