
37 matches found

Positive Technologies
added 2026/01/06 12:0 a.m. | 2 views

PT-2026-1400

Name of the Vulnerable Software and Affected Versions: CBX Bookmark & Favorite plugin for WordPress versions through 2.0.4. Description: The software contains a SQL Injection flaw due to inadequate input sanitization of the orderby parameter. This allows authenticated attackers with Subscriber-level...

CVSS 6.5 | AI score 7.1 | EPSS 0.0626
Exploits: 0 | References: 6

Patchstack
added 2025/11/18 7:18 a.m. | 6 views

WordPress CBX Bookmark & Favorite plugin <= 2.0.1 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Nabil Irawan in WordPress Plugin CBX Bookmark & Favorite versions <= 2.0.1...

CVSS 4.3 | AI score 7 | EPSS 0.00036
Exploits: 0 | Affected Software: 1

EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2022-4419

Malicious code in bioql PyPI...

CVSS 8.8 | AI score 8.8 | EPSS 0.00059
Exploits: 0 | References: 4

Vulnrichment
added 2024/04/18 9:33 a.m. | 25 views

CVE-2024-32577 WordPress CBX Bookmark & Favorite plugin <= 1.7.20 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Codeboxr Team CBX Bookmark & Favorite cbxwpbookmark allows Stored XSS. This issue affects CBX Bookmark & Favorite: from n/a through 1.7.20...

CVSS 6.5 | AI score 5.2 | EPSS 0.00178
Exploits: 0 | References: 1

Patchstack
added 2024/04/12 10:1 a.m. | 1 views

WordPress CBX Bookmark & Favorite plugin <= 1.7.20 - SQL Injection vulnerability

SQL Injection vulnerability discovered by Muhammad Daffa Patchstack Alliance in WordPress Plugin CBX Bookmark & Favorite versions <= 1.7.20...

CVSS 7.6 | AI score 8.1 | EPSS 0.00314
Exploits: 0 | Affected Software: 1

Vulnrichment
added 2024/02/01 11:17 a.m. | 16 views

CVE-2023-51514 WordPress CBX Bookmark & Favorite Plugin <= 1.7.13 is vulnerable to Cross Site Scripting (XSS)

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Codeboxr Team CBX Bookmark & Favorite allows Stored XSS. This issue affects CBX Bookmark & Favorite: from n/a through 1.7.13...

CVSS 6.5 | AI score 6.7 | EPSS 0.00069
Exploits: 0 | References: 1

Patchstack
added 2023/12/27 12:0 a.m. | 7 views

WordPress CBX Bookmark & Favorite Plugin <= 1.7.13 is vulnerable to Cross Site Scripting (XSS)

Software: CBX Bookmark & Favorite; Type: Plugin; Vulnerable versions: <= 1.7.13; Fixed in: 1.7.14; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2023-51514; Patch priority: Low; CVSS severity: Low 6.5; Developer: Claim ownership; PSID: 8b970dcc1144; Credits: Ngô Thiên An ancorn from...

CVSS 6.5 | AI score 6.5 | EPSS 0.00069
Exploits: 0 | References: 2 | Affected Software: 1

OSV
added 2022/05/14 1:0 a.m. | 0 views

GHSA-JQWH-JRPG-5J3H Jenkins Favorite Plugin vulnerable to Cross-Site Request Forgery

Jenkins Favorite Plugin version 2.2.0 and older is vulnerable to CSRF resulting in data modification...

CVSS 8.8 | AI score 5.9 | EPSS 0.00059
Exploits: 0 | References: 2

vulnersOsv
added 2022/05/14 1:0 a.m. | 2 views

io.jenkins.blueocean:blueocean (>=1.0-alpha-1 <=1.27.25), io.jenkins.blueocean:blueocean-bitbucket-pipeline (>=1.27.17 <=1.27.25) +10 more potentially affected by CVE-2017-1000244 via org.jvnet.hudson.plugins:favorite (>=1.16 <=2.3.1)

org.jvnet.hudson.plugins:favorite MAVEN version =1.16, =1.0-alpha-1, =1.27.17, =1.0.0, =1.0-alpha-1, =1.0-alpha-1, =1.0.0, =1.0.0, =1.0-alpha-8, =1.0-alpha-4, =0.1-preview-4, =1.0-alpha-1, =0.1, =1.0.0 Source cves: CVE-2017-1000244 Source advisory: OSV:GHSA-JQWH-JRPG-5J3H...

CVSS 8.8 | AI score 7.2 | EPSS 0.00059
Exploits: 0

Github Security Blog
added 2022/05/14 1:0 a.m. | 13 views

Jenkins Favorite Plugin vulnerable to Cross-Site Request Forgery

Jenkins Favorite Plugin version 2.2.0 and older is vulnerable to CSRF resulting in data modification...

CVSS 8.8 | AI score 4 | EPSS 0.00059
Exploits: 0 | References: 3 | Affected Software: 1

vulnersOsv
added 2022/05/13 1:18 a.m. | 1 views

io.jenkins.blueocean:blueocean (>=1.0-alpha-1 <=1.27.25), io.jenkins.blueocean:blueocean-bitbucket-pipeline (>=1.27.17 <=1.27.25) +10 more potentially affected by CVE-2017-1000243 via org.jvnet.hudson.plugins:favorite (>=1.16 <=2.225.v68765b_b_a_1fa_3)

org.jvnet.hudson.plugins:favorite MAVEN version =1.16, =1.0-alpha-1, =1.27.17, =1.0.0, =1.0-alpha-1, =1.0-alpha-1, =1.0.0, =1.0.0, =1.0-alpha-8, =1.0-alpha-4, =0.1-preview-4, =1.0-alpha-1, =0.1, =1.0.0 Source cves: CVE-2017-1000243 Source advisory: OSV:GHSA-268V-2QQ7-84PF...

CVSS 4.3 | AI score 5.8 | EPSS 0.00031
Exploits: 0

Github Security Blog
added 2022/05/13 1:18 a.m. | 10 views

Missing permission check in Jenkins Favorite Plugin

Jenkins Favorite Plugin up to and including 2.1.0 does not perform permission checks when changing favorite status, allowing any user to set any other user's favorites...

CVSS 4.3 | AI score 6.7 | EPSS 0.00031
Exploits: 0 | References: 4 | Affected Software: 1

OSV
added 2022/05/13 1:18 a.m. | 17 views

GHSA-268V-2QQ7-84PF Missing permission check in Jenkins Favorite Plugin

Jenkins Favorite Plugin up to and including 2.1.0 does not perform permission checks when changing favorite status, allowing any user to set any other user's favorites...

CVSS 4.3 | AI score 4.4 | EPSS 0.00031
Exploits: 0 | References: 4

RedhatCVE
added 2022/03/18 4:17 p.m. | 60 views

CVE-2022-27196

Jenkins Favorite Plugin 2.4.0 and earlier does not escape the names of jobs in the favorite column, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure or Item/Create permissions...

CVSS 5.4 | AI score 2.7 | EPSS 0.00137
Exploits: 0 | References: 4

OSV
added 2022/03/16 12:0 a.m. | 21 views

GHSA-874R-46C6-7P4R Stored Cross-site Scripting vulnerability in Jenkins Favorite Plugin

Jenkins Favorite Plugin 2.4.0 and earlier does not escape the names of jobs in the favorite column, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure or Item/Create permissions...

CVSS 5.4 | AI score 5.4 | EPSS 0.00137
Exploits: 0 | References: 5

Github Security Blog
added 2022/03/16 12:0 a.m. | 16 views

Stored Cross-site Scripting vulnerability in Jenkins Favorite Plugin

Jenkins Favorite Plugin 2.4.0 and earlier does not escape the names of jobs in the favorite column, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure or Item/Create permissions...

CVSS 5.4 | AI score 2.4 | EPSS 0.00137
Exploits: 0 | References: 5 | Affected Software: 1

vulnersOsv
added 2022/03/16 12:0 a.m. | 1 views

io.jenkins.blueocean:blueocean (>=1.0-alpha-1 <=1.27.25), io.jenkins.blueocean:blueocean-bitbucket-pipeline (>=1.27.17 <=1.27.25) +10 more potentially affected by CVE-2022-27196 via org.jvnet.hudson.plugins:favorite (>=1.16 <=2.3.1)

org.jvnet.hudson.plugins:favorite MAVEN version =1.16, =1.0-alpha-1, =1.27.17, =1.0.0, =1.0-alpha-1, =1.0-alpha-1, =1.0.0, =1.0.0, =1.0-alpha-8, =1.0-alpha-4, =0.1-preview-4, =1.0-alpha-1, =0.1, =1.0.0 Source cves: CVE-2022-27196 Source advisory: OSV:GHSA-874R-46C6-7P4R...

CVSS 5.4 | AI score 6 | EPSS 0.00137
Exploits: 0

OSV
added 2022/03/15 5:15 p.m. | 0 views

CVE-2022-27196

Jenkins Favorite Plugin 2.4.0 and earlier does not escape the names of jobs in the favorite column, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure or Item/Create permissions...

CVSS 5.4 | AI score 6
Exploits: 0 | References: 2

ATTACKERKB
added 2022/03/15 5:15 p.m. | 0 views

CVE-2022-27196

Jenkins Favorite Plugin 2.4.0 and earlier does not escape the names of jobs in the favorite column, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure or Item/Create permissions...

CVSS 5.4 | AI score 5.8 | EPSS 0.00137
Exploits: 0 | References: 3

NVD
added 2022/03/15 5:15 p.m. | 12 views

CVE-2022-27196

Jenkins Favorite Plugin 2.4.0 and earlier does not escape the names of jobs in the favorite column, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure or Item/Create permissions...

CVSS 5.4 | EPSS 0.00137
Exploits: 0 | References: 2