72 matches found
PT-2025-6457 · WordPress +1 · Wordpress +1
Name of the Vulnerable Software and Affected Versions: Apus Framework plugin for WordPress versions prior to 2.3 Description: The issue allows authenticated attackers with Subscriber-level access and above to update arbitrary options on the WordPress site due to a missing capability check on the...
WordPress Gantry 4 Framework Plugin <= 4.1.21 is vulnerable to Cross Site Scripting (XSS)
Software Gantry 4 Framework Type Plugin Vulnerable versions = 4.1.21 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-9382 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 2e1bc106a0d6 Credits vgo0 Required...
WordPress Swift Framework plugin < 2024.04.30 - Contributor+ Stored XSS vulnerability
Contributor+ Stored XSS vulnerability discovered by Bob Matyas in WordPress Plugin Swift Framework Page Builder versions 2024.04.30...
WordPress Swift Framework plugin < 2024.04.30 - Reflected XSS vulnerability
Reflected XSS vulnerability discovered by Bob Matyas in WordPress Plugin Swift Framework Page Builder versions 2024.04.30...
WordPress plugin Swift Framework 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
Jenkins Enterprise and Operations Center 2.303.x < 2.303.30.0.15 / 2.346.2.3 Multiple Vulnerabilities (CloudBees Security Advisory 2022-07-27)
The version of Jenkins Enterprise or Jenkins Operations Center running on the remote web server is 2.303.x prior to 2.303.30.0.15, or 2.x prior to 2.346.2.3. It is, therefore, affected by multiple vulnerabilities, including the following: - A cross-site request forgery CSRF vulnerability in Jenki...
The vulnerability of the Jenkins Deployer Framework Plugin involves incorrect path name restrictions for restricted access directories, allowing attackers to gain unauthorized access to protected information.
The vulnerability of the Jenkins Deployer Framework Plugin is related to an incorrect restriction on the path to the restricted directory. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain unauthorized access to protected information...
The vulnerability of the Jenkins OpenShift Deployer Plugin, related to deficiencies in authentication procedures, allows attackers to gain unauthorized access to protected information.
The vulnerability of the Jenkins Deployer Framework Plugin is related to deficiencies in the authentication process. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain unauthorized access to protected information...
The vulnerability of the Jenkins Deployer Framework Plugin, related to deficiencies in authentication procedures, allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the Jenkins Deployer Framework Plugin is related to deficiencies in the authentication process. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain unauthorized access to protected information...
CVE-2022-36889
Jenkins Deployer Framework Plugin 85.v1d1888e8c021 and earlier does not restrict the application path of the applications when configuring a deployment, allowing attackers with Item/Configure permission to upload arbitrary files from the Jenkins controller file system to the selected service...
CVE-2022-36891
A missing permission check in Jenkins Deployer Framework Plugin 85.v1d1888e8c021 and earlier allows attackers with Item/Read permission but without Deploy Now/Deploy permission to read deployment logs...
CVE-2022-36890
Jenkins Deployer Framework Plugin 85.v1d1888e8c021 and earlier does not restrict the name of files in methods implementing form validation, allowing attackers with Item/Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file system...
CVE-2022-36889
Jenkins Deployer Framework Plugin 85.v1d1888e8c021 and earlier does not restrict the application path of the applications when configuring a deployment, allowing attackers with Item/Configure permission to upload arbitrary files from the Jenkins controller file system to the selected service...
Information disclosure
A missing permission check in Jenkins Deployer Framework Plugin 85.v1d1888e8c021 and earlier allows attackers with Item/Read permission but without Deploy Now/Deploy permission to read deployment logs...
CVE-2022-36890
CVE-2022-36890 concerns the Jenkins Deployer Framework Plugin (85.v1d1888e8c021 and earlier). The issue is an unrestricted filename in methods implementing form validation, enabling attackers with Item/Read permission to determine the existence of an attacker-specified path on the Jenkins control...
CVE-2022-36889
CVE-2022-36889 affects Jenkins Deployer Framework Plugin versions 85.v1d1888e8c021 and earlier. The root cause is that the plugin does not restrict the application path when configuring a deployment, enabling attackers with Item/Configure permission to upload arbitrary files from the Jenkins cont...
PT-2022-4017 · Jenkins · Jenkins Deployer Framework Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Deployer Framework Plugin versions 85.v1d1888e8c021 and earlier Description: The issue is related to the incorrect restriction of the application path when configuring a deployment, allowing attackers with Item/Configure permission to...
Stored XSS vulnerability in Jenkins Deployer Framework Plugin
Deployer Framework Plugin is a framework plugin allowing other plugins to provide a way to deploy artifacts. Deployer Framework Plugin 1.2 and earlier does not escape the URL displayed in the build home page. This results in a stored cross-site scripting XSS vulnerability exploitable by users abl...
CloudBees Jenkins Deployer Framework Plugin Cross-Site Scripting Vulnerability
CloudBees Jenkins Hudson Labs is the United States CloudBees company a set of Java-based development of continuous integration tools . The product is mainly used to monitor the continuous software version release/testing project and some timed execution of the task . A cross-site scripting...
Vulnerabilities fixed in Jenkins
Several vulnerabilities have been fixed in Jenkins. A malicious user could potentially exploit the vulnerabilities to perform a Cross-Site Scripting XSS attack. A such an attack can lead to the execution of arbitrary script code in the browser used to visit the application. Jenkins developers hav...