431 matches found
CVE-2022-31913
Online Discussion Forum Site v1.0 is vulnerable to Cross Site Scripting (XSS) via /odfs/classes/Master.php?f=savecategory, name...
Online Tutor Portal Site SQL Injection Vulnerability
Sourcecodester Online Discussion Forum Site is an application of Sourcecodester. A SQL injection vulnerability exists in Online Tutor Portal Site v1.0, which originates from missing filtering and escaping of SQL data in /otps/classes/Master.php?f=deleteteam. An attacker could use this vulnerability to execute...
CVE-2022-32358
Product Show Room Site v1.0 is vulnerable to SQL Injection via /psrs/classes/Master.php?f=deleteinquiry...
CVE-2022-32328
Fast Food Ordering System v1.0 is vulnerable to Delete any file via /ffos/classes/Master.php?f=deleteimg...
CVE-2022-1991
A vulnerability classified as problematic has been found in Fast Food Ordering System 1.0. Affected is the file Master.php of the Master List. The manipulation of the argument Description with the input foo " leads to cross site scripting. It is possible to launch the attack remotely but it...
Fast Food Ordering System Cross-Site Scripting Vulnerability
A cross-site scripting vulnerability exists in Fast Food Ordering System 1.0, which stems from a lack of filtering and escaping of the parameter Description in Master.php, which could be exploited by an attacker to execute JavaScript code on the client side. The vulnerability can be exploited to...
CVE-2022-31966
ChatBot App with Suggestion v1.0 is vulnerable to Delete any file via /simplechatbot/classes/Master.php?f=deleteimg...
CVE-2022-31973
Online Fire Reporting System v1.0 is vulnerable to Delete any file via /ofrs/classes/Master.php?f=deleteimg...
CVE-2022-31354
Online Car Wash Booking System v1.0 is vulnerable to SQL Injection via /ocwbs/classes/Master.php?f=getvehicleservice...
CVE-2022-31346
Online Car Wash Booking System v1.0 is vulnerable to SQL Injection via /ocwbs/classes/Master.php?f=deleteservice...
CVE-2022-31342
Online Car Wash Booking System v1.0 is vulnerable to Delete any file via /ocwbs/classes/Master.php?f=deleteimg...
Passwords stored in plain text by Harvest SCM Plugin
Jenkins Harvest SCM Plugin 0.5.1 and earlier stores passwords unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system...
GHSA-QJ7P-9HGF-X8J7 Passwords stored in plain text by Harvest SCM Plugin
Jenkins Harvest SCM Plugin 0.5.1 and earlier stores passwords unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system...
GHSA-GMG2-3W6V-945P Password stored in plain text by Parasoft Environment Manager Plugin
Jenkins Parasoft Environment Manager Plugin 2.14 and earlier stores a password unencrypted in job config.xml files on the Jenkins master where it can be viewed by users with Extended Read permission, or access to the master file system...
Token stored in plain text by DigitalOcean Plugin
Jenkins DigitalOcean Plugin 1.1 and earlier stores a token unencrypted in the global config.xml file on the Jenkins master where it can be viewed by users with access to the master file system...
Credential stored in plain text by BMC Release Package and Deployment Plugin
Jenkins BMC Release Package and Deployment Plugin 1.1 and earlier stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. As of publication of this advisory, there is no fix...
GHSA-5C97-GXR3-R368 Jenkins Weibo Plugin stores credentials unencrypted in its global configuration file
Jenkins Weibo Plugin 1.0.1 and earlier stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system...
GHSA-9HPQ-528P-48J3 Jenkins Redgate SQL Change Automation Plugin has Insufficiently Protected Credentials
Jenkins Redgate SQL Change Automation Plugin 2.0.3 and earlier stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system...
GHSA-R9XC-54CQ-99R7 Cleartext Storage of Sensitive Information in Jenkins ElasticBox CI Plugin
Jenkins ElasticBox CI Plugin stores credentials unencrypted in the global config.xml configuration file on the Jenkins master where they can be viewed by users with access to the master file system...
Cleartext Storage of Sensitive Information in Jenkins ElasticBox CI Plugin
Jenkins ElasticBox CI Plugin stores credentials unencrypted in the global config.xml configuration file on the Jenkins master where they can be viewed by users with access to the master file system...