16 matches found
GHSA-W22P-4X9F-486V Jenkins GitHub Plugin has an XSS vulnerability
In Jenkins GitHub Plugin versions 1.46.0 and earlier, the JavaScript that validates the "GitHub hook trigger for GITScm polling" feature improperly processes the current job URL. This results in a stored cross-site scripting (XSS) vulnerability exploitable by non-anonymous attackers with Overall/Re...
Jenkins GitHub Plugin has an XSS vulnerability
In Jenkins GitHub Plugin versions 1.46.0 and earlier, the JavaScript that validates the "GitHub hook trigger for GITScm polling" feature improperly processes the current job URL. This results in a stored cross-site scripting (XSS) vulnerability exploitable by non-anonymous attackers with Overall/Re...
CVE-2026-42523
Jenkins GitHub Plugin 1.46.0 and earlier improperly processes the current job URL as part of JavaScript implementing validation of the feature "GitHub hook trigger for GITScm polling", resulting in a stored cross-site scripting (XSS) vulnerability exploitable by non-anonymous attackers with...
PT-2026-35917
Name of the Vulnerable Software and Affected Versions: Jenkins GitHub Plugin versions prior to 1.46.1. Description: Improper processing of the current job URL within the JavaScript used to validate the "GitHub hook trigger for GITScm polling" feature allows non-anonymous attackers with Overall/Read...
EUVD-2022-3034
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2017-12156
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - Moodle 3.x has XSS in the contact form on the non-respondents page in non-anonymous feedback. (CVE-2017-12156) Note that Nessus relies on the presence of the...
SUSE CVE-2017-12156
Moodle 3.x has XSS in the contact form on the "non-respondents" page in non-anonymous feedback...
GHSA-7MFW-G8X4-RQ2W Moodle XSS Vulnerability
Moodle 3.x has XSS in the contact form on the "non-respondents" page in non-anonymous feedback...
Moodle XSS Vulnerability
Moodle 3.x has XSS in the contact form on the "non-respondents" page in non-anonymous feedback...
Moodle cross-site scripting vulnerability (CNVD-2017-27611)
Moodle is a free, open-source e-learning software platform, also known as a course management system, learning management system, or virtual learning environment, developed by Dr. Martin Dougiamas of Australia. A cross-site scripting vulnerability exists in the contact form on the 'non-respondent...
UBUNTU-CVE-2017-12156
Moodle 3.x has XSS in the contact form on the "non-respondents" page in non-anonymous feedback...
CVE-2017-12156
Moodle 3.x has XSS in the contact form on the "non-respondents" page in non-anonymous feedback...
CVE-2017-12156
Moodle 3.x has XSS in the contact form on the "non-respondents" page in non-anonymous feedback...
Design/Logic Flaw
Moodle 3.x has XSS in the contact form on the "non-respondents" page in non-anonymous feedback...
CVE-2017-12156
CVE-2017-12156 affects Moodle 3.x, with an XSS in the contact form on the non-respondents page of non-anonymous feedback. The vulnerability enables script injection (confidentiality/integrity impact listed as low) with user interaction required and network access. Public details show Fedora advis...
Recently updated links for users with personal spaces link to profile if personal space is not accessible
Users without the global access right for personal space can still see links to personal spaces in the "Recently updated" list on their dashboard. This is a serious security problem for extranets, when one wants to prevent non-anonymous external users from seeing who's using the wiki. Note: this probl...