Lucene search
+L

60 matches found

OSV
OSV
added 2023/04/25 7:15 p.m.4 views

CVE-2023-25485

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Bernhard Kux JSON Content Importer plugin = 1.3.15 versions...

4.8CVSS6.6AI score0.00369EPSS
Exploits0References1
Patchstack
Patchstack
added 2023/02/06 12:0 a.m.9 views

WordPress Auto YouTube Importer Plugin <= 1.0.3 is vulnerable to Cross Site Request Forgery (CSRF)

Software Auto YouTube Importer Type Plugin Vulnerable versions = 1.0.3 Fixed in 1.0.4 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-23797 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 47682dbd17be Credits Mika Required...

8.8CVSS6.7AI score0.00264EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2022/05/24 5:3 p.m.25 views

GHSA-2J5W-CWC3-8HXW Improper Certificate Validation in Jenkins Spira Importer Plugin

Jenkins Spira Importer Plugin 3.2.3 and earlier disables SSL/TLS certificate validation for the Jenkins master JVM...

8.2CVSS8.3AI score0.00592EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2022/05/24 5:1 p.m.29 views

Plaintext Storage in Jenkins Spira Importer Plugin

Jenkins Spira Importer Plugin 3.2.2 and earlier stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system...

5.5CVSS3.8AI score0.00323EPSS
Exploits0References4Affected Software1
CNNVD
CNNVD
added 2022/02/15 12:0 a.m.4 views

Atlassian Jira 跨站请求伪造漏洞

Atlassian Jira Service is the server version of an IT service desk and request tracking system from Atlassian Australia. Atlassian Jira Server jira-importers-plugin is vulnerable to cross-site request forgery, which stems from jira-importers-plugin being misconfigured with XSRF protection. An...

6.5CVSS5.3AI score0.00616EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2021/12/28 12:0 a.m.3 views

CVE-2021-43941

Affected versions of Atlassian Jira Server and Data Center allow remote attackers to modify several resources including CsvFieldMappingsPage.jspa and ImporterValueMappingsPage.jspa via a Cross-Site Request Forgery CSRF vulnerability in the jira-importers-plugin. The affected versions are before...

6.5CVSS6.7AI score0.00616EPSS
Exploits0References2Affected Software2
CVE
CVE
added 2021/11/01 9:1 p.m.74 views

CVE-2021-39333

CVE-2021-39333 : The Hashthemes Demo Importer Plugin for WordPress (versions

8.1CVSS8.2AI score0.01016EPSS
Exploits1References1Affected Software1
Positive Technologies
Positive Technologies
added 2021/11/01 12:0 a.m.8 views

PT-2021-22539 · Hasthemes · Hashthemes Demo Importer Plugin

Name of the Vulnerable Software and Affected Versions: Hashthemes Demo Importer Plugin versions 1.1.1 and earlier Description: The issue allows logged-in users to execute a function that truncates nearly all database tables and removes the contents of wp-content/uploads, due to several AJAX...

8.1CVSS8AI score0.01016EPSS
Exploits1References4
CNVD
CNVD
added 2019/12/18 12:0 a.m.1 views

CloudBees Jenkins Spira Importer Plugin Trust Management Issue Vulnerability

CloudBees Jenkins Hudson Labs is the United States CloudBees company's set of Java-based development of continuous integration tools . The product is mainly used to monitor the continuous software release/testing projects and some timed tasks . Spira Importer Plugin is used in one of the SpiraPla...

8.2CVSS6.9AI score0.00592EPSS
Exploits0References1
NVD
NVD
added 2019/12/17 3:15 p.m.17 views

CVE-2019-16558

Jenkins Spira Importer Plugin 3.2.3 and earlier disables SSL/TLS certificate validation for the Jenkins master JVM...

8.2CVSS8.3AI score0.00592EPSS
Exploits0References2
OSV
OSV
added 2019/12/17 3:15 p.m.6 views

CVE-2019-16558

Jenkins Spira Importer Plugin 3.2.3 and earlier disables SSL/TLS certificate validation for the Jenkins master JVM...

8.2CVSS7.3AI score0.00592EPSS
Exploits0References2
CVE
CVE
added 2019/12/17 2:40 p.m.63 views

CVE-2019-16558

CVE-2019-16558 affects the Jenkins Spira Importer Plugin, versions up to 3.2.3. The root cause is that the plugin disables SSL/TLS certificate validation in the Jenkins master JVM, allowing potential man-in-the-middle exposure. CVSS shows network attack with high impact on confidentiality (C) and...

8.2CVSS8.2AI score0.00592EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2019/12/17 2:40 p.m.22 views

CVE-2019-16558

Jenkins Spira Importer Plugin 3.2.3 and earlier disables SSL/TLS certificate validation for the Jenkins master JVM...

8.3AI score0.00592EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2019/12/17 12:0 a.m.8 views

PT-2019-14713 · Jenkins · Jenkins Spira Importer Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Spira Importer Plugin versions 3.2.3 and earlier Description: The issue concerns the disabling of SSL/TLS certificate validation for the Jenkins master JVM. Recommendations: For Jenkins Spira Importer Plugin versions 3.2.3 and earlier...

8.2CVSS8AI score0.00592EPSS
Exploits0References4
CNVD
CNVD
added 2019/11/26 12:0 a.m.2 views

CloudBees Jenkins Information Disclosure Vulnerability (CNVD-2020-17205)

CloudBees Jenkins Hudson Labs is the United States CloudBees company's set of Java-based development of continuous integration tools . The product is mainly used to monitor the continuous software release/testing projects and some timed tasks . Spira Importer Plugin is used in one of the SpiraPla...

5.5CVSS6.8AI score0.00323EPSS
Exploits0References1
NVD
NVD
added 2019/11/21 3:15 p.m.29 views

CVE-2019-16543

Jenkins Spira Importer Plugin 3.2.2 and earlier stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system...

5.5CVSS5.4AI score0.00323EPSS
Exploits0References2
OSV
OSV
added 2019/11/21 3:15 p.m.5 views

CVE-2019-16543

Jenkins Spira Importer Plugin 3.2.2 and earlier stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system...

5.5CVSS6.1AI score0.00323EPSS
Exploits0References2
Prion
Prion
added 2019/11/21 3:15 p.m.14 views

Design/Logic Flaw

Jenkins Spira Importer Plugin 3.2.2 and earlier stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system...

2.1CVSS5.4AI score0.00323EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2019/11/21 2:11 p.m.84 views

CVE-2019-16543

The CVE-2019-16543 entry affects Jenkins Spira Importer Plugin versions 3.2.2 and earlier, where credentials are stored unencrypted in the plugin’s global configuration file on the Jenkins master. This exposes sensitive credentials to anyone with access to the master filesystem. Concretely, the r...

5.5CVSS5.4AI score0.00323EPSS
Exploits0References2Affected Software1
CNVD
CNVD
added 2016/07/19 12:0 a.m.2 views

WordPress CSV Importer Plugin Cross-Site Scripting Vulnerability

WordPress is the WordPress Software Foundation's set of blogging platform developed using the PHP language.CSV Importer is one of the plug-ins for importing CSV or XML files. A cross-site scripting vulnerability exists in version 1.0 of the WordPress CSV Importer plugin, which can be exploited by...

6.2AI score
Exploits0References1
Rows per page
Query Builder