797 matches found
Jenkins Autocomplete Parameter Plugin 跨站脚本漏洞
Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is an application. Jenkins Plugin is an application that provides hundreds of plugins to support building, deploying, and automating any project. Jenkins Autocomplete Parameter Plugin 1.1 and earlier versions have a cross-si...
PT-2022-20427 · Jenkins · Jenkins Autocomplete Parameter Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Autocomplete Parameter Plugin versions 1.1 and earlier Description: The issue is related to a stored cross-site scripting XSS vulnerability. It occurs because the plugin references certain parameter names in an unsafe manner from...
Jenkins Autocomplete Parameter Plugin 跨站请求伪造漏洞
Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is an application. Jenkins Plugin is an application that provides hundreds of plugins to support building, deploying, and automating any project. The vulnerability can be exploited to execute arbitrary code without sandbox...
PT-2022-20425 · Jenkins · Jenkins Autocomplete Parameter Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Autocomplete Parameter Plugin versions 1.1 and earlier Description: A cross-site request forgery CSRF issue allows attackers to execute arbitrary code without sandbox protection if the victim is an administrator. Recommendations: For...
Jenkins Autocomplete Parameter Plugin 跨站脚本漏洞
Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is an application. Jenkins Plugin is an application that provides hundreds of plugins to support building, deploying, and automating any project. The vulnerability stems from the program not properly escaping the names of th...
PT-2022-20417 · Jenkins · Jenkins +1
Name of the Vulnerable Software and Affected Versions: Jenkins Autocomplete Parameter Plugin versions 1.1 and earlier Description: The issue results in a stored cross-site scripting XSS vulnerability due to the failure to escape the name of Dropdown Autocomplete and Auto Complete String parameter...
FiboSearch < 1.18.0 - Admin+ Stored Cross-Site Scripting
The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfilteredhtml capability is disallowed Put the following payload in the Woocommerce FiboSearch Autocomplete Products - "No...
FiboSearch < 1.18.0 - Admin+ Stored Cross-Site Scripting
The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfilteredhtml capability is disallowed PoC Put the following payload in the Woocommerce FiboSearch Autocomplete Products - "N...
Exposure of Sensitive Information to an Unauthorized Actor in Jenkins
jenkins before versions 2.44, 2.32.2 is vulnerable to an information disclosure vulnerability in search suggestions SECURITY-385. The autocomplete feature on the search box discloses the names of the views in its suggestions, including the ones for which the current user does not have access to...
GHSA-6656-6QWX-4C2M Moodle XSS In Tag Autocomplete functionality
Cross-site scripting XSS vulnerability in the tag autocomplete functionality in Moodle 1.9.x before 1.9.11 and 2.0.x before 2.0.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
Moodle XSS In Tag Autocomplete functionality
Cross-site scripting XSS vulnerability in the tag autocomplete functionality in Moodle 1.9.x before 1.9.11 and 2.0.x before 2.0.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
GHSA-468Q-9CMP-76WC Moodle does not consider the moodle/tag:edit capability before adding a tag
tag/tagautocomplete.php in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 does not consider the moodle/tag:edit capability before adding a tag, which allows remote authenticated users to bypass intended access restrictions via an AJAX request...
[SECURITY] Fedora 36 Update: golang-github-spf13-cobra-1.4.0-2.fc36
Cobra is a library providing a simple interface to create powerful modern CLI interfaces similar to git & go tools. Cobra is also an application that will generate your application scaffolding to rapidly develop a Cobra-based application. Cobra provides: - Easy subcommand-based CLIs: app server,...
GHSA-7JVX-F994-RFW2 materialize-css vulnerable to cross-site Scripting (XSS) due to improper escape of user input
All versions of package materialize-css are vulnerable to Cross-site Scripting XSS due to improper escape of user input such as not-a-tag / that is being parsed as HTML/JavaScript, and inserted into the Document Object Model DOM. This vulnerability can be exploited when the user-input is provided...
materialize-css vulnerable to cross-site Scripting (XSS) due to improper escape of user input
All versions of package materialize-css are vulnerable to Cross-site Scripting XSS due to improper escape of user input such as not-a-tag / that is being parsed as HTML/JavaScript, and inserted into the Document Object Model DOM. This vulnerability can be exploited when the user-input is provided...
CVE-2022-25349
All versions of package materialize-css are vulnerable to Cross-site Scripting XSS due to improper escape of user input such as not-a-tag / that is being parsed as HTML/JavaScript, and inserted into the Document Object Model DOM. This vulnerability can be exploited when the user-input is provided...
CVE-2022-25349
All versions of package materialize-css are vulnerable to Cross-site Scripting XSS due to improper escape of user input such as not-a-tag / that is being parsed as HTML/JavaScript, and inserted into the Document Object Model DOM. This vulnerability can be exploited when the user-input is provided...
Cross site scripting
All versions of package materialize-css are vulnerable to Cross-site Scripting XSS due to improper escape of user input such as not-a-tag / that is being parsed as HTML/JavaScript, and inserted into the Document Object Model DOM. This vulnerability can be exploited when the user-input is provided...
CVE-2022-25349
Removed by vendor...
CVE-2022-25349 Cross-site Scripting (XSS)
All versions of package materialize-css are vulnerable to Cross-site Scripting XSS due to improper escape of user input such as not-a-tag / that is being parsed as HTML/JavaScript, and inserted into the Document Object Model DOM. This vulnerability can be exploited when the user-input is provided...