131 matches found
Jenkins List Git Branches Parameter 插件跨站脚本漏洞
Jenkins and Jenkins Plugin are both products of Jenkins, which is an application. Jenkins Plugin is an application that provides hundreds of plugins to support building and deploying projects, and the Jenkins List Git Branches Parameter Plugin 0.0.9 and earlier is vulnerable to a cross-site...
Jenkins Agent Server Parameter Plugin跨站脚本漏洞
Jenkins is a Jenkins open source application. An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Agent Server Parameter Plugin 1.0 and earlier versions have a cross-site scripting vulnerability that stems from n...
CVE-2022-25189
Jenkins Custom Checkbox Parameter Plugin 1.1 and earlier does not escape parameter names of custom checkbox parameters, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission...
CVE-2022-25189
Jenkins Custom Checkbox Parameter Plugin 1.1 and earlier does not escape parameter names of custom checkbox parameters, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission...
PT-2022-17129 · Jenkins · Jenkins Custom Checkbox Parameter Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Custom Checkbox Parameter Plugin versions 1.1 and earlier Description: The issue results in a stored cross-site scripting XSS vulnerability. This is due to the plugin not escaping parameter names of custom checkbox parameters. Attacke...
Jenkins Active Choices 跨站脚本漏洞
Jenkins Active Choices is a Jenkins open source application plugin . Used in parameterized free-form Jenkins jobs to create scripted , dynamic and interactive job parameters . A cross-site scripting vulnerability exists in the Jenkins Plugin, which stems from the Active Choices plugin version 2.5...
CVE-2021-21667
Jenkins Scriptler Plugin 3.2 and earlier does not escape parameter names shown in job configuration forms, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Scriptler/Configure permission...
Jenkins Scriptler Plugin 跨站脚本漏洞
Jenkins is a Jenkins open source application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying and automating any project. A security vulnerability exists in the Jenkins Scriptler Plugin that stems from the fact that Jenkins Scriptler Plugin...
PT-2021-14665 · Jenkins · Jenkins Artifact Repository Parameter Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Artifact Repository Parameter Plugin versions 1.0.0 and earlier Description: The issue results in a stored cross-site scripting XSS vulnerability because parameter names and descriptions are not escaped. This vulnerability is...
PT-2020-15519 · Jenkins · Jenkins Active Choices Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Active Choices Plugin versions 2.4 and earlier Description: The issue results in a stored cross-site scripting XSS vulnerability because the name and description of build parameters are not properly escaped. This vulnerability can be...
Parth - Heuristic Vulnerable Parameter Scanner
Some HTTP parameter names are more commonly associated with one functionality than the others. For example, the parameter ?url= usually contains URLs as the value and hence often falls victim to file inclusion, open redirect and SSRF attacks. Parth can go through your burp history, a list of URLs...
Arjun v1.1 - HTTP Parameter Discovery Suite
Features Multi-threading 3 modes of detection Regex powered heuristic scanning Huge list of 3370 parameter names Usage Note: Arjun doesn't work with python Note: Arjun uses nano as the default editor for the prompt bu...
CVE-2017-2601
Jenkins before versions 2.44, 2.32.2 is vulnerable to a persisted cross-site scripting in parameter names and descriptions SECURITY-353. Users with the permission to configure jobs were able to inject JavaScript into parameter names and descriptions...
CVE-2017-2601
Jenkins before versions 2.44, 2.32.2 is vulnerable to a persisted cross-site scripting in parameter names and descriptions SECURITY-353. Users with the permission to configure jobs were able to inject JavaScript into parameter names and descriptions...
Cross site scripting
Jenkins before versions 2.44, 2.32.2 is vulnerable to a persisted cross-site scripting in parameter names and descriptions SECURITY-353. Users with the permission to configure jobs were able to inject JavaScript into parameter names and descriptions...
PT-2018-7128 · Cloudbees +1 · Jenkins
Name of the Vulnerable Software and Affected Versions: Jenkins versions prior to 2.44 Jenkins versions prior to 2.32.2 Description: The issue concerns a persisted cross-site scripting vulnerability in parameter names and descriptions. Users with the permission to configure jobs were able to injec...
CVE-2017-2601
Jenkins before versions 2.44, 2.32.2 is vulnerable to a persisted cross-site scripting in parameter names and descriptions SECURITY-353. Users with the permission to configure jobs were able to inject JavaScript into parameter names and descriptions...
Cross site scripting
Cross-site scripting XSS vulnerability in redirect.php in the Socolissimo module modules/socolissimo/ in PrestaShop before 1.4.7.2 allows remote attackers to inject arbitrary web script or HTML via vectors related to "parameter names and values."...
CVE-2012-6641
CVE-2012-6641 is a cross-site scripting (XSS) vulnerability in the PrestaShop Socolissimo module (redirect.php, modules/socolissimo/) that allows injection of arbitrary script/HTML via parameter names and values. Affected software: PrestaShop before 1.4.7.2 (Socolissimo integration). Root cause: ...
Bubble Amoy(popotao)Amoy program official back door analysis-vulnerability warning-the black bar safety net
Bubble scouring is a pretty good Amoy built Station program, the official web site: http://www.popotao.com the. I was their one of the users of Since the official months are not updated to keep up with Taobao API update speed, so I want to solve on their own, put the official 6 a ZEND encrypted P...