18 matches found
EUVD-2025-205906
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BasePress Knowledge Base documentation & wiki plugin – BasePress allows Stored XSS. This issue affects Knowledge Base documentation & wiki plugin – BasePress: from n/a through 2.17.0.1...
PT-2024-12246 · WordPress · Fahad Mahmood Wp Docs
Name of the Vulnerable Software and Affected Versions: Fahad Mahmood WP Docs versions 1.9.8 and earlier Description: The issue is related to a Missing Authorization vulnerability, which allows the exploitation of incorrectly configured access control security levels. Recommendations: For versions...
PT-2024-20610 · Unknown · Knowledge Base For Documentation
Name of the Vulnerable Software and Affected Versions: Knowledge Base for Documentation, FAQs with AI Assistance versions n/a through 11.30.2 Description: The issue is related to Deserialization of Untrusted Data, which affects the Knowledge Base for Documentation, FAQs with AI Assistance plugin...
CVE-2023-5802
Cross-Site Request Forgery (CSRF) vulnerability in Mihai Iova WordPress Knowledge base & Documentation Plugin – WP Knowledgebase plugin = 1.3.4 versions...
Cross site request forgery (csrf)
Cross-Site Request Forgery (CSRF) vulnerability in Mihai Iova WordPress Knowledge base & Documentation Plugin – WP Knowledgebase plugin = 1.3.4 versions...
SUSE CVE-2018-1000144
A cross site scripting vulnerability exists in Jenkins Cucumber Living Documentation Plugin 1.0.12 and older in CukedoctorBaseAction#doDynamic that disables the Content-Security-Policy protection for archived artifacts and workspace files, allowing attackers able to control the content of these...
GHSA-Q7JX-R75R-HGJ2 Jenkins Cucumber Living Documentation Plugin Cross-site Scripting vulnerability
A cross site scripting vulnerability exists in Jenkins Cucumber Living Documentation Plugin 1.0.12 and older in CukedoctorBaseAction#doDynamic that disables the Content-Security-Policy protection for archived artifacts and workspace files, allowing attackers able to control the content of these...
Jenkins Cucumber Living Documentation Plugin Cross-site Scripting vulnerability
A cross site scripting vulnerability exists in Jenkins Cucumber Living Documentation Plugin 1.0.12 and older in CukedoctorBaseAction#doDynamic that disables the Content-Security-Policy protection for archived artifacts and workspace files, allowing attackers able to control the content of these...
GHSA-85VG-GRR5-PW42 Insecure password handling vulnerability in Strapi
Storing passwords in a recoverable format in the DOCUMENTATION plugin component of Strapi before 3.6.9 and 4.x before 4.1.5 allows an attacker to access a victim's HTTP request. From this, the attacker can get the victim's cookie, base64 decode it, and obtain a cleartext password, leading to...
Insecure password handling vulnerability in Strapi
Storing passwords in a recoverable format in the DOCUMENTATION plugin component of Strapi before 3.6.9 and 4.x before 4.1.5 allows an attacker to access a victim's HTTP request. From this, the attacker can get the victim's cookie, base64 decode it, and obtain a cleartext password, leading to...
Format string
Storing passwords in a recoverable format in the DOCUMENTATION plugin component of Strapi before 3.6.9 and 4.x before 4.1.5 allows an attacker to access a victim's HTTP request, get the victim's cookie, perform a base64 decode on the victim's cookie, and obtain a cleartext password, leading to...
CVE-2021-46440
The CVE-2021-46440 issue affects Strapi (DOCUMENTATION plugin) prior to 3.6.9 and prior to 4.1.5. It stores passwords in a recoverable format, allowing an attacker who can access a victim’s HTTP request to retrieve the cookie, base64-decode it, and obtain a cleartext password. This enables access...
Strapi 3.6.8 Password Disclosure / Insecure Handling Vulnerabilities
Exploit Title: Strapi " Exploit Author: Kitchaphan Singchai idealphase Vendor Homepage: https://strapi.io/ Software Link: https://github.com/strapi/strapi/releases Vulnerable Version: ..SNIP.. Redirecting to /documentation. Perform Base64 decoding and we got plaintext password in “documentation”...
Strapi Security Vulnerability
Strapi is an open source headless content management system (CMS). A security vulnerability exists in Strapi that stems from the storage of passwords in a recoverable format in the DOCUMENTATION plug-in component. An attacker could use this vulnerability to access a victim's HTTP request, obtain th...
Strapi 3.6.8 Password Disclosure / Insecure Handling
Exploit Title: Strapi " Date: 2022-03-30 Exploit Author: Kitchaphan Singchai idealphase Vendor Homepage: https://strapi.io/ Software Link: https://github.com/strapi/strapi/releases Vulnerable Version: ..SNIP.. Redirecting to /documentati...
CVE-2018-1000144
A cross site scripting vulnerability exists in Jenkins Cucumber Living Documentation Plugin 1.0.12 and older in CukedoctorBaseAction#doDynamic that disables the Content-Security-Policy protection for archived artifacts and workspace files, allowing attackers able to control the content of these...
CVE-2018-1000144
A cross site scripting vulnerability exists in Jenkins Cucumber Living Documentation Plugin 1.0.12 and older in CukedoctorBaseAction#doDynamic that disables the Content-Security-Policy protection for archived artifacts and workspace files, allowing attackers able to control the content of these...
CVE-2018-1000144
CVE-2018-1000144 affects Jenkins in the Cucumber Living Documentation Plugin (versions 1.0.12 and older). The root cause is in CukedoctorBaseAction#doDynamic, which disables the Content-Security-Policy for archived artifacts and workspace files, allowing an attacker who can control those files to...