613 matches found
Jenkins Fortify Plugin HTML injection vulnerability
Jenkins Fortify Plugin 22.1.38 and earlier does not escape the error message for a form validation method. This results in an HTML injection vulnerability. Fortify Plugin 22.2.39 removes HTML tags from the error message...
PT-2023-27786 · Hcaptcha +1 · Hcaptcha +1
Name of the Vulnerable Software and Affected Versions: hCaptcha for EXT:form extension versions prior to 2.1.2 for TYPO3 Description: An issue was discovered in the hcaptcha extension, where it fails to check that the required captcha field is submitted in the form data, allowing a remote user to...
CVE-2023-4303
Jenkins Fortify Plugin 22.1.38 and earlier does not escape the error message for a form validation method, resulting in an HTML injection vulnerability...
CVE-2023-4303
Jenkins Fortify Plugin 22.1.38 and earlier does not escape the error message for a form validation method, resulting in an HTML injection vulnerability...
Jenkins Plugin Fortify 跨站脚本漏洞
Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application. An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. A cross-site scripting...
Courier Deprixa Pro Integrated Web System 3.2.5 Cross Site Request Forgery
==================================================================================================================================== | Title : Courier Deprixa Pro - Integrated Web System v3.2.5 CSRF Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla...
CVE-2022-43713
Interactive Forms IAF in GX Software XperienCentral versions 10.33.1 until 10.35.0 was vulnerable to invalid data input because form validation could be bypassed...
CVE-2022-43713
Interactive Forms IAF in GX Software XperienCentral versions 10.33.1 until 10.35.0 was vulnerable to invalid data input because form validation could be bypassed...
CVE-2022-43713
Interactive Forms IAF in GX Software XperienCentral versions 10.33.1 until 10.35.0 was vulnerable to invalid data input because form validation could be bypassed...
CVE-2022-43713
GX Software XperienCentral has an IAF validation bypass vulnerability (CVE-2022-43713) affecting versions 10.33.1 through 10.35.0, allowing invalid data input via Interactive Forms. The issue stems from bypassable form validation in IAF. Impact is mainly data integrity for inputs; CVSS indicates ...
CVE-2022-43713
Interactive Forms IAF in GX Software XperienCentral versions 10.33.1 until 10.35.0 was vulnerable to invalid data input because form validation could be bypassed...
GHSA-WGVX-9RH5-4G4M Jenkins Benchmark Evaluator Plugin vulnerable to cross-site request forgery
Jenkins Benchmark Evaluator Plugin 1.0.1 and earlier does not perform a permission check in a method implementing form validation. This allows attackers with Overall/Read permission to connect to an attacker-specified URL and to check for the existence of directories, .csv, and .ycsb files on the...
Jenkins Sumologic Publisher Plugin missing permission check
Jenkins Sumologic Publisher Plugin 2.2.1 and earlier does not perform a permission check in a method implementing form validation. This allows attackers with Overall/Read permission to connect to an attacker-specified URL. Additionally, this form validation method does not require POST requests,...
Jenkins Sumologic Publisher Plugin vulnerable to cross-site request forgery
Jenkins Sumologic Publisher Plugin 2.2.1 and earlier does not perform a permission check in a method implementing form validation. This allows attackers with Overall/Read permission to connect to an attacker-specified URL. Additionally, this form validation method does not require POST requests,...
Jenkins Benchmark Evaluator Plugin missing permission check
Jenkins Benchmark Evaluator Plugin 1.0.1 and earlier does not perform a permission check in a method implementing form validation. This allows attackers with Overall/Read permission to connect to an attacker-specified URL and to check for the existence of directories, .csv, and .ycsb files on the...
GHSA-8GC7-WHPH-RX5Q Jenkins Test Results Aggregator Plugin vulnerable to Cross Site Request Forgery
Jenkins Test Results Aggregator Plugin 1.2.13 and earlier does not perform a permission check in an HTTP endpoint implementing form validation. This allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified username and password. Additionally,...
Jenkins Test Results Aggregator Plugin missing permission check
Jenkins Test Results Aggregator Plugin 1.2.13 and earlier does not perform a permission check in an HTTP endpoint implementing form validation. This allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified username and password. Additionally,...
JetBrains YouTrack 安全漏洞
JetBrains YouTrack is a browser-based bug tracking and project management software from the Czech company JetBrains. The software features bug tracking, creating workflows and monitoring project progress. A security vulnerability exists in versions prior to JetBrains YouTrack 2023.1.16597 that...
PT-2023-26211 · Jenkins · Jenkins Benchmark Evaluator Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Benchmark Evaluator Plugin versions 1.0.1 and earlier Description: A cross-site request forgery CSRF vulnerability allows attackers to connect to an attacker-specified URL and to check for the existence of directories, .csv, and .ycsb...
Cross-site Scripting (XSS)
Sonargraph Integration Jenkins Plugin is vulnerable to Cross-site Scripting XSS. The vulnerability exists in doCheckLogFile function in SonargraphReportBuilder.java because it fails to escape the file path and the project name for the Log file field form validation which allows an attacker to...