16 matches found
EUVD-2022-2715
Malicious code in bioql PyPI...
CVE-2024-28153
Jenkins OWASP Dependency-Check Plugin 5.4.5 and earlier does not escape vulnerability metadata from Dependency-Check reports, resulting in a stored cross-site scripting (XSS) vulnerability...
CVE-2021-43577
Jenkins OWASP Dependency-Check Plugin 5.1.1 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks...
CVE-2024-28153
Jenkins OWASP Dependency-Check Plugin 5.4.5 and earlier does not escape vulnerability metadata from Dependency-Check reports, resulting in a stored cross-site scripting (XSS) vulnerability...
CVE-2024-28153
Jenkins OWASP Dependency-Check Plugin, up to version 5.4.5, is affected by a stored XSS vulnerability caused by not escaping vulnerability metadata from Dependency-Check reports. Affected component: Dependency-Check Plugin for Jenkins. Impact (as stated across sources): an XSS vulnerability that ...
PT-2024-22299 · Jenkins · Jenkins Owasp Dependency-Check Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins OWASP Dependency-Check Plugin versions 5.4.5 and earlier. Description: The issue is related to a stored cross-site scripting (XSS) vulnerability. This occurs because vulnerability metadata from Dependency-Check reports is not properly...
Jenkins OWASP Dependency-Check Plugin Security Vulnerability
Jenkins and Jenkins Plugin are both Jenkins open source products. Jenkins is a software application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project. Jenkins Plugin is a software application. A security vulnerability...
XXE vulnerability in Jenkins OWASP Dependency-Check Plugin
Jenkins OWASP Dependency-Check Plugin 5.1.1 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. This allows attackers able to control workspace contents to have Jenkins parse a crafted XML file that uses external entities for extraction of secrets from the...
org.jenkins-ci.plugins:dependency-check-jenkins-plugin (>=3.3.4 <=4.0.2) potentially affected by CVE-2021-21633 via org.jenkins-ci.plugins:dependency-track (=1.1.1)
org.jenkins-ci.plugins:dependency-track MAVEN version =1.1.1 is affected by a known vulnerability. The following packages have a transitive dependency on org.jenkins-ci.plugins:dependency-track and may be impacted: - org.jenkins-ci.plugins:dependency-check-jenkins-plugin =3.3.4, =4.0.2 Source cve...
GHSA-65CQ-WHR4-7C2V Persistent XSS vulnerability in Jenkins OWASP Dependency-Check Plugin
The custom Details view of the Static Analysis Utilities based OWASP Dependency-Check Plugin was vulnerable to a persisted cross-site scripting vulnerability: malicious users able to influence the input to this plugin could insert arbitrary HTML into this view...
Persistent XSS vulnerability in Jenkins OWASP Dependency-Check Plugin
The custom Details view of the Static Analysis Utilities based OWASP Dependency-Check Plugin was vulnerable to a persisted cross-site scripting vulnerability: malicious users able to influence the input to this plugin could insert arbitrary HTML into this view...
CVE-2021-43577
Jenkins OWASP Dependency-Check Plugin 5.1.1 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks...
CVE-2021-43577
Summary: Jenkins OWASP Dependency-Check Plugin (version 5.1.1 and earlier) suffers an XXE flaw because its XML parser is not configured to block external entities. Impact (as described): a crafted XML file could cause Jenkins to parse external entities, enabling potential exposure of secrets and,...
CVE-2017-1000109
The custom Details view of the Static Analysis Utilities based OWASP Dependency-Check Plugin was vulnerable to a persisted cross-site scripting vulnerability: malicious users able to influence the input to this plugin could insert arbitrary HTML into this view...
Cross site scripting
The custom Details view of the Static Analysis Utilities based OWASP Dependency-Check Plugin was vulnerable to a persisted cross-site scripting vulnerability: malicious users able to influence the input to this plugin could insert arbitrary HTML into this view...
CVE-2017-1000109
CVE-2017-1000109 is confirmed in connected sources as a persisted XSS vulnerability in the Jenkins OWASP Dependency-Check Plugin, specifically in the custom Details view where input could inject arbitrary HTML. Multiple entries corroborate the issue and its association with the Dependency-Check J...