CVE-2026-11833

CVE-2026-11833 affects FAST/TOOLS (RVSVRN, UNSVRN, HMIWEB, FTEES, HMIMOB) from R9.01 to R10.04 and CI Server (all packages) from R1.01 to R1.04. The web server may return a response containing CI Server setting information, which could be exploited by an attacker for other attacks. The CVSS4 scor...

EUVD-2022-6289

Malicious code in bioql PyPI...

EUVD-2024-32668

Malicious code in bioql PyPI...

EUVD-2024-32667

Malicious code in bioql PyPI...

Yokogawa FAST/TOOLS and CI Server

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 6.9 ATTENTION : Exploitable remotely/low attack complexity Vendor : Yokogawa Equipment : FAST/TOOLS and CI Server Vulnerabilities : Cross-site Scripting, Empty Password in Configuration File 2. RISK EVALUATION Successful exploitation of these vulnerabilities...

CVE-2024-4105

A vulnerability has been found in FAST/TOOLS and CI Server. The affected product's WEB HMI server's function to process HTTP requests has a security flaw Reflected XSS that allows the execution of malicious scripts. Therefore, if a client PC with inadequate security measures accesses a product UR...

CVE-2024-4106

A vulnerability has been found in FAST/TOOLS and CI Server. The affected products have built-in accounts with no passwords set. Therefore, if the product is operated without a password set by default, an attacker can break into the affected product. The affected products and versions are as...

CVE-2024-4106

A vulnerability has been found in FAST/TOOLS and CI Server. The affected products have built-in accounts with no passwords set. Therefore, if the product is operated without a password set by default, an attacker can break into the affected product. The affected products and versions are as...

CVE-2024-4106

Summary (CVE-2024-4106) Yokogawa FAST/TOOLS and CI Server are affected by an authentication issue due to built-in accounts with no passwords. Affected versions: FAST/TOOLS R9.01–R10.04 (Packages RVSVRN, UNSVRN, HMIWEB, FTEES, HMIMOB) and CI Server R1.01.00–R1.03.00. The CISA/ICS advisory details ...

CVE-2024-4106

A vulnerability has been found in FAST/TOOLS and CI Server. The affected products have built-in accounts with no passwords set. Therefore, if the product is operated without a password set by default, an attacker can break into the affected product. The affected products and versions are as...

CVE-2024-4105

A vulnerability has been found in FAST/TOOLS and CI Server. The affected product's WEB HMI server's function to process HTTP requests has a security flaw Reflected XSS that allows the execution of malicious scripts. Therefore, if a client PC with inadequate security measures accesses a product UR...

CVE-2024-4105

CVE-2024-4105 affects Yokogawa FAST/TOOLS and CI Server. The issue is a reflected XSS in the WEB HMI server when processing HTTP requests, which could allow a malicious script to execute in a client browser. Affected products/versions: FAST/TOOLS RVSVRN/UNSVRN/HMIWEB/FTEES/HMIMOB (R9.01–R10.04) a...

CVE-2024-4105

A vulnerability has been found in FAST/TOOLS and CI Server. The affected product's WEB HMI server's function to process HTTP requests has a security flaw Reflected XSS that allows the execution of malicious scripts. Therefore, if a client PC with inadequate security measures accesses a product UR...

GHSA-8294-MV9C-7M5H Stored XSS vulnerability in Jenkins Maven Metadata Plugin for Jenkins CI server plugin

Maven Metadata Plugin for Jenkins CI server Plugin 2.2 and earlier does not perform URL validation for the Repository Base URL of List maven artifact versions parameters. This results in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission...

Cross site scripting

Jenkins Maven Metadata Plugin for Jenkins CI server Plugin 2.2 and earlier does not perform URL validation for the Repository Base URL of List maven artifact versions parameters, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission...

CVE-2022-36905

Jenkins Maven Metadata Plugin for Jenkins CI server Plugin 2.2 and earlier does not perform URL validation for the Repository Base URL of List maven artifact versions parameters, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission...

CVE-2022-36905

The CVE-2022-36905 entry describes a stored XSS in Jenkins Maven Metadata Plugin for Jenkins CI server plugin versions 2.2 and earlier, caused by missing URL validation for the Repository Base URL of the List maven artifact versions parameter. The impact is exploitable by attackers with Item/Conf...

Cross-site Scripting in Jenkins Maven Metadata Plugin

Jenkins Maven Metadata Plugin for Jenkins CI server Plugin 2.1 and earlier does not escape the name and description of List maven artifact versions parameters on views displaying parameters, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure...

Jenkins Maven Metadata for CI server Plugin Cross-Site Scripting Vulnerability

Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is an application. Jenkins Plugin is an application that provides hundreds of plugins to support building, deploying, and automating any project. a cross-site scripting vulnerability exists in Jenkins Maven Metadata for CI...

Cross site scripting

Jenkins Maven Metadata Plugin for Jenkins CI server Plugin 2.1 and earlier does not escape the name and description of List maven artifact versions parameters on views displaying parameters, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure...