24 matches found
PT-2026-43504
The NS Product icon badge plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via PHP SELF in all versions up to, and including, 1.2.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts ...
CVE-2018-1000604
A persisted cross-site scripting vulnerability exists in Jenkins Badge Plugin 1.4 and earlier in BadgeSummaryAction.java, HtmlBadgeAction.java that allows attackers able to control build badge content to define JavaScript that would be executed in another user's browser when that other user...
CVE-2022-23108
Jenkins Badge Plugin 1.9 and earlier does not escape the description and does not check for allowed protocols when creating a badge, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission...
EUVD-2022-2260
Malicious code in bioql PyPI...
Cross-site Scripting (XSS)
Overview djangocms-attributes-field is an Adds attributes to Django models. Affected versions of this package are vulnerable to Cross-site Scripting XSS due to improper sanitization of form Attributes fields in the Django CMS admin panel. An attacker can exploit this vulnerability through the...
Jenkins Badge Plugin cross-site scripting vulnerability
A persisted cross-site scripting vulnerability exists in Jenkins Badge Plugin 1.4 and earlier in BadgeSummaryAction.java, HtmlBadgeAction.java that allows attackers able to control build badge content to define JavaScript that would be executed in another user's browser when that other user...
GHSA-3XJQ-8J89-XRW9 Jenkins Badge Plugin cross-site scripting vulnerability
A persisted cross-site scripting vulnerability exists in Jenkins Badge Plugin 1.4 and earlier in BadgeSummaryAction.java, HtmlBadgeAction.java that allows attackers able to control build badge content to define JavaScript that would be executed in another user's browser when that other user...
Jenkins Badge Plugin Cross-Site Scripting Vulnerability
Jenkins is a Jenkins open source application . An open source automation server Jenkins provides hundreds of plug-ins to support building, deploying and automating any project . Jenkins Badge Plugin in version 1.9 and earlier suffers from a cross-site scripting vulnerability that stems from a lac...
Stored XSS vulnerability in Jenkins Badge Plugin
Jenkins Badge Plugin 1.9 and earlier does not escape the description and does not check for allowed protocols when creating a badge, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission...
GHSA-5QX5-VG5W-5MX3 Stored XSS vulnerability in Jenkins Badge Plugin
Jenkins Badge Plugin 1.9 and earlier does not escape the description and does not check for allowed protocols when creating a badge, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission...
CVE-2022-23108
Jenkins Badge Plugin 1.9 and earlier does not escape the description and does not check for allowed protocols when creating a badge, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission...
CVE-2022-23108
Jenkins Badge Plugin 1.9 and earlier does not escape the description and does not check for allowed protocols when creating a badge, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission...
CVE-2022-23108
Jenkins Badge Plugin 1.9 and earlier does not escape the description and does not check for allowed protocols when creating a badge, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission...
Cross site scripting
Jenkins Badge Plugin 1.9 and earlier does not escape the description and does not check for allowed protocols when creating a badge, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission...
CVE-2022-23108
The CVE-2022-23108 issue affects Jenkins Badge Plugin (version 1.9 and earlier). The vulnerability arises because the plugin does not escape the description field and does not enforce allowed protocols when creating a badge, leading to a stored XSS vulnerability. Exploitation requires attacker wi...
CVE-2022-23108
Jenkins Badge Plugin 1.9 and earlier does not escape the description and does not check for allowed protocols when creating a badge, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission...
PT-2022-15850 · Jenkins · Jenkins Badge Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Badge Plugin versions 1.9 and earlier Description: The issue results in a stored cross-site scripting XSS vulnerability. This occurs because the plugin does not escape the description and does not check for allowed protocols when...
Jenkins Badge Plugin 跨站脚本漏洞
Jenkins is a Jenkins open source application . An open source automation server Jenkins provides hundreds of plug-ins to support building, deploying and automating any project . Jenkins Badge Plugin in version 1.9 and earlier suffers from a cross-site scripting vulnerability that stems from a lac...
CloudBees Jenkins Badge Plugin Cross-Site Scripting Vulnerability
CloudBees Jenkins formerly known as Hudson Labs is the United States CloudBees company's set of Java-based development of continuous integration tools , it is mainly used to monitor the continuous software version of the release/testing project and a number of timed tasks . Badge Plugin is used i...
CVE-2018-1000604
A persisted cross-site scripting vulnerability exists in Jenkins Badge Plugin 1.4 and earlier in BadgeSummaryAction.java, HtmlBadgeAction.java that allows attackers able to control build badge content to define JavaScript that would be executed in another user's browser when that other user...