48 matches found
EUVD-2022-1396
Malicious code in bioql PyPI...
EUVD-2023-1453
Malicious code in bioql PyPI...
EUVD-2025-2961
Malicious code in bioql PyPI...
CVE-2025-22746
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in zartis HireHive Job Plugin zartis-job-plugin allows Stored XSS.This issue affects HireHive Job Plugin: from n/a through = 2.9.0...
CVE-2022-28151
A missing permission check in Jenkins Job and Node ownership Plugin 0.13.0 and earlier allows attackers with Item/Read permission to change the owners and item-specific permissions of a job...
CVE-2022-28152
A cross-site request forgery CSRF vulnerability in Jenkins Job and Node ownership Plugin 0.13.0 and earlier allows attackers to restore the default ownership of a job...
CVE-2020-35749
Directory traversal vulnerability in class-simplejobboardresumedownloadhandler.php in the Simple Board Job plugin 2.9.3 and earlier for WordPress allows remote attackers to read arbitrary files via the sjbfile parameter to wp-admin/post.php...
CVE-2019-10422
Jenkins Call Remote Job Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system...
Cleartext Storage of Sensitive Information
Overview org.ukiuni.monitor-remote-job-plugin:monitor-remote-job is a monitor remote job. Affected versions of this package are vulnerable to Cleartext Storage of Sensitive Information within config.xml files. An attacker can gain unauthorized access to sensitive data by exploiting the visibility...
CVE-2025-31725
CVE-2025-31725 affects the Jenkins monitor-remote-job Plugin (version 1.0). The issue is that passwords are stored in plaintext in job config.xml files on the Jenkins controller, and can be viewed by users with Extended Read permission or with access to the controller filesystem. The existing con...
PT-2025-14515 · Jenkins +1 · Jenkins +1
Name of the Vulnerable Software and Affected Versions: Jenkins monitor-remote-job Plugin version 1.0 Description: The issue allows passwords to be stored unencrypted in job config.xml files on the Jenkins controller. These passwords can be viewed by users with Extended Read permission or those wh...
CVE-2025-22746
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in zartis HireHive Job Plugin zartis-job-plugin allows Stored XSS.This issue affects HireHive Job Plugin: from n/a through = 2.9.0...
CVE-2025-22746
CVE-2025-22746: Stored XSS in HireHive Job Plugin (WordPress). Affected: HireHive Job Plugin versions up to 2.9.0. CVSS v3.1 base score 6.5 (AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L). Patch status in provided sources is Unpatched; no remediation version details are provided. Monitor for updates.
CVE-2025-22746 WordPress HireHive Job Plugin plugin <= 2.9.0 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in zartis HireHive Job Plugin zartis-job-plugin allows Stored XSS.This issue affects HireHive Job Plugin: from n/a through = 2.9.0...
WordPress plugin HireHive Job Plugin 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site...
WordPress HireHive Job Plugin plugin <= 2.9.0 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by SOPROBRO Patchstack Alliance in WordPress Plugin HireHive Job Plugin versions = 2.9.0...
GHSA-JG35-VF67-GG2J Jenkins Shortcut Job Plugin stored cross-site scripting vulnerability
Jenkins Shortcut Job Plugin 0.4 and earlier does not escape the shortcut redirection URL. This results in a stored cross-site scripting XSS vulnerability exploitable by attackers able to configure shortcut jobs. Shortcut Job Plugin 0.5 escapes the shortcut redirection URL...
Jenkins Shortcut Job Plugin stored cross-site scripting vulnerability
Jenkins Shortcut Job Plugin 0.4 and earlier does not escape the shortcut redirection URL. This results in a stored cross-site scripting XSS vulnerability exploitable by attackers able to configure shortcut jobs. Shortcut Job Plugin 0.5 escapes the shortcut redirection URL...
CVE-2023-40346
Jenkins Shortcut Job Plugin 0.4 and earlier does not escape the shortcut redirection URL, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers able to configure shortcut jobs...
Cross site scripting
Jenkins Shortcut Job Plugin 0.4 and earlier does not escape the shortcut redirection URL, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers able to configure shortcut jobs...