21 matches found
CVE-2021-21660
Jenkins Markdown Formatter Plugin 0.1.0 and earlier does not sanitize crafted link target URLs, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with the ability to edit any description rendered using the configured markup formatter...
CVE-2019-10374
A stored cross-site scripting vulnerability in Jenkins PegDown Formatter Plugin 1.3 and earlier allows attackers able to edit descriptions and other fields rendered using the configured markup formatter to insert links with the javascript scheme into the Jenkins UI...
WordPress plugin Urdu Formatter – Shamil 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting vulnerabilit...
SUSE CVE-2008-1108
Buffer overflow in Evolution 2.22.1, when the ITip Formatter plugin is disabled, allows remote attackers to execute arbitrary code via a long timezone string in an iCalendar attachment...
Reflected XSS vulnerability in Jenkins markup formatter preview
Jenkins allows administrators to choose the markup formatter to use for descriptions of jobs, builds, views, etc. displayed in Jenkins. When editing such a description, users can choose to have Jenkins render a formatted preview of the description they entered. Jenkins 2.274 and earlier, LTS...
GHSA-922H-X9QV-2274 Jenkins PegDown Formatter Plugin has Cross-site Scripting vulnerability
PegDown Formatter Plugin uses the PegDown library to implement support for rendering Markdown formatted descriptions in Jenkins. It advertises disabling of HTML to prevent cross-site scripting XSS as a feature. PegDown Formatter Plugin does not prevent the use of javascript: scheme in URLs for...
Jenkins PegDown Formatter Plugin has Cross-site Scripting vulnerability
PegDown Formatter Plugin uses the PegDown library to implement support for rendering Markdown formatted descriptions in Jenkins. It advertises disabling of HTML to prevent cross-site scripting XSS as a feature. PegDown Formatter Plugin does not prevent the use of javascript: scheme in URLs for...
CVE-2021-21660
Jenkins Markdown Formatter Plugin 0.1.0 and earlier does not sanitize crafted link target URLs, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with the ability to edit any description rendered using the configured markup formatter...
CVE-2021-21660
Jenkins Markdown Formatter Plugin 0.1.0 and earlier does not sanitize crafted link target URLs, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with the ability to edit any description rendered using the configured markup formatter...
CVE-2021-21660
The CVE-2021-21660 entry concerns Jenkins Markdown Formatter Plugin versions 0.1.0 and earlier. The vulnerability arises because the plugin does not sanitize crafted link target URLs, causing a stored cross-site scripting (XSS) flaw. Exploitation requires the attacker to have the ability to edit ...
PT-2021-14703 · Jenkins · Jenkins Markdown Formatter Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Markdown Formatter Plugin versions 0.1.0 and earlier Description: The issue results from the plugin's failure to sanitize crafted link target URLs, leading to a stored cross-site scripting XSS vulnerability. This vulnerability can be...
Jenkins 跨站脚本漏洞
CloudBees Jenkins Hudson Labs is the United States CloudBees company a set of Java-based development of continuous integration tools . The product is mainly used to monitor the continuous software version release/testing project and some timed execution of the task . A cross-site scripting...
CVE-2019-10374
A stored cross-site scripting vulnerability in Jenkins PegDown Formatter Plugin 1.3 and earlier allows attackers able to edit descriptions and other fields rendered using the configured markup formatter to insert links with the javascript scheme into the Jenkins UI...
CVE-2019-10374
The CVE-2019-10374 issue affects Jenkins PegDown Formatter Plugin (versions 1.3 and earlier). A stored cross-site scripting vulnerability arises because users able to edit descriptions or other fields rendered by the configured markup formatter can inject links using the javascript: scheme into t...
Mandriva Update for evolution MDVSA-2008:111 (evolution)
Check for the Version of evolution OpenVAS Vulnerability Test Mandriva Update for evolution MDVSA-2008:111 evolution Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify i...
Mandriva Update for evolution MDVSA-2008:111 (evolution)
Check for the Version of evolution OpenVAS Vulnerability Test Mandriva Update for evolution MDVSA-2008:111 evolution Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify i...
Ubuntu Update for evolution vulnerabilities USN-615-1
Ubuntu Update for Linux kernel vulnerabilities USN-615-1 OpenVAS Vulnerability Test $Id: gbubuntuUSN6151.nasl 7969 2017-12-01 09:23:16Z santu $ Ubuntu Update for evolution vulnerabilities USN-615-1 Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH,...
CentOS Update for evolution28 CESA-2008:0515 centos4 x86_64
Check for the Version of evolution28 OpenVAS Vulnerability Test CentOS Update for evolution28 CESA-2008:0515 centos4 x8664 Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or...
CVE-2008-1108
Buffer overflow in Evolution 2.22.1, when the ITip Formatter plugin is disabled, allows remote attackers to execute arbitrary code via a long timezone string in an iCalendar attachment...
Buffer overflow
Buffer overflow in Evolution 2.22.1, when the ITip Formatter plugin is disabled, allows remote attackers to execute arbitrary code via a long timezone string in an iCalendar attachment...