60 matches found
CVE-2023-25485
Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Bernhard Kux JSON Content Importer plugin = 1.3.15 versions...
WordPress Auto YouTube Importer Plugin <= 1.0.3 is vulnerable to Cross Site Request Forgery (CSRF)
Software Auto YouTube Importer Type Plugin Vulnerable versions = 1.0.3 Fixed in 1.0.4 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-23797 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 47682dbd17be Credits Mika Required...
GHSA-2J5W-CWC3-8HXW Improper Certificate Validation in Jenkins Spira Importer Plugin
Jenkins Spira Importer Plugin 3.2.3 and earlier disables SSL/TLS certificate validation for the Jenkins master JVM...
Plaintext Storage in Jenkins Spira Importer Plugin
Jenkins Spira Importer Plugin 3.2.2 and earlier stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system...
Atlassian Jira 跨站请求伪造漏洞
Atlassian Jira Service is the server version of an IT service desk and request tracking system from Atlassian Australia. Atlassian Jira Server jira-importers-plugin is vulnerable to cross-site request forgery, which stems from jira-importers-plugin being misconfigured with XSRF protection. An...
CVE-2021-43941
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to modify several resources including CsvFieldMappingsPage.jspa and ImporterValueMappingsPage.jspa via a Cross-Site Request Forgery CSRF vulnerability in the jira-importers-plugin. The affected versions are before...
CVE-2021-39333
CVE-2021-39333 : The Hashthemes Demo Importer Plugin for WordPress (versions
PT-2021-22539 · Hasthemes · Hashthemes Demo Importer Plugin
Name of the Vulnerable Software and Affected Versions: Hashthemes Demo Importer Plugin versions 1.1.1 and earlier Description: The issue allows logged-in users to execute a function that truncates nearly all database tables and removes the contents of wp-content/uploads, due to several AJAX...
CloudBees Jenkins Spira Importer Plugin Trust Management Issue Vulnerability
CloudBees Jenkins Hudson Labs is the United States CloudBees company's set of Java-based development of continuous integration tools . The product is mainly used to monitor the continuous software release/testing projects and some timed tasks . Spira Importer Plugin is used in one of the SpiraPla...
CVE-2019-16558
Jenkins Spira Importer Plugin 3.2.3 and earlier disables SSL/TLS certificate validation for the Jenkins master JVM...
CVE-2019-16558
Jenkins Spira Importer Plugin 3.2.3 and earlier disables SSL/TLS certificate validation for the Jenkins master JVM...
CVE-2019-16558
CVE-2019-16558 affects the Jenkins Spira Importer Plugin, versions up to 3.2.3. The root cause is that the plugin disables SSL/TLS certificate validation in the Jenkins master JVM, allowing potential man-in-the-middle exposure. CVSS shows network attack with high impact on confidentiality (C) and...
CVE-2019-16558
Jenkins Spira Importer Plugin 3.2.3 and earlier disables SSL/TLS certificate validation for the Jenkins master JVM...
PT-2019-14713 · Jenkins · Jenkins Spira Importer Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Spira Importer Plugin versions 3.2.3 and earlier Description: The issue concerns the disabling of SSL/TLS certificate validation for the Jenkins master JVM. Recommendations: For Jenkins Spira Importer Plugin versions 3.2.3 and earlier...
CloudBees Jenkins Information Disclosure Vulnerability (CNVD-2020-17205)
CloudBees Jenkins Hudson Labs is the United States CloudBees company's set of Java-based development of continuous integration tools . The product is mainly used to monitor the continuous software release/testing projects and some timed tasks . Spira Importer Plugin is used in one of the SpiraPla...
CVE-2019-16543
Jenkins Spira Importer Plugin 3.2.2 and earlier stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system...
CVE-2019-16543
Jenkins Spira Importer Plugin 3.2.2 and earlier stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system...
Design/Logic Flaw
Jenkins Spira Importer Plugin 3.2.2 and earlier stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system...
CVE-2019-16543
The CVE-2019-16543 entry affects Jenkins Spira Importer Plugin versions 3.2.2 and earlier, where credentials are stored unencrypted in the plugin’s global configuration file on the Jenkins master. This exposes sensitive credentials to anyone with access to the master filesystem. Concretely, the r...
WordPress CSV Importer Plugin Cross-Site Scripting Vulnerability
WordPress is the WordPress Software Foundation's set of blogging platform developed using the PHP language.CSV Importer is one of the plug-ins for importing CSV or XML files. A cross-site scripting vulnerability exists in version 1.0 of the WordPress CSV Importer plugin, which can be exploited by...