131 matches found
es5-ext Security Vulnerability
es5-ext is an ECMAScript extension from the individual developer Mariusz Nowak. A security vulnerability exists in es5-ext prior to v0.10.63, which stems from the use of functions with very long names or complex default parameter names that may cause the script to halt...
PT-2026-5402
Name of the Vulnerable Software and Affected Versions Undertow affected versions not specified Description A flaw exists in Undertow where servlets utilizing a method that calls HttpServletRequestImpl.getParameterNames may experience an OutOfMemoryError when handling client requests with...
SUSE CVE-2009-3619
Unspecified vulnerability in ViewVC 1.0 before 1.0.9 and 1.1 before 1.1.2 has unknown impact and remote attack vectors related to "printing illegal parameter names and values."...
Online Eyewear Shop 跨站脚本漏洞
Online Eyewear Shop is an online eyewear store from the personal developer Carlo Montero. Online Eyewear Shop suffers from a cross-site scripting vulnerability that stems from the firstname/middlename/lastname/lastname/contact parameter of some functions on the oews/classes/Users.php page...
ForU CMS 跨站脚本漏洞
ForU CMS is a website builder system by ForU Open Source. A security vulnerability exists in ForU CMS that originates from unknown code in cmschip.php. An attacker can exploit the vulnerability to cause cross-site scripting through manipulation of parameter names...
The vulnerability of the Apache Struts software platform, related to deficiencies in access control, allows attackers to trigger a service failure.
The vulnerability of the Apache Struts software platform is related to deficiencies in access control. Exploiting this vulnerability allows a malicious actor to trigger service failures through specially crafted requests with very long parameter names...
Cross-site Scripting in Jenkins Maven Metadata Plugin
Jenkins Maven Metadata Plugin for Jenkins CI server Plugin 2.1 and earlier does not escape the name and description of List maven artifact versions parameters on views displaying parameters, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure...
Cross-site Scripting in Jenkins Agent Server Parameter Plugin
Jenkins Agent Server Parameter Plugin 1.1 and earlier does not escape the name and description of Agent Server parameters on views displaying parameters, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission. Exploitation of this...
CVE-2022-34190
Jenkins Maven Metadata Plugin for Jenkins CI server Plugin 2.1 and earlier does not escape the name and description of List maven artifact versions parameters on views displaying parameters, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure...
CVE-2022-34185
Jenkins Date Parameter Plugin 0.0.4 and earlier does not escape the name and description of Date parameters on views displaying parameters, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission...
CVE-2022-34194
Jenkins Readonly Parameter Plugin 1.0.0 and earlier does not escape the name and description of Readonly String and Readonly Text parameters on views displaying parameters, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission...
CVE-2022-34193
Jenkins Package Version Plugin 1.0.1 and earlier does not escape the name of Package version parameters on views displaying parameters, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission...
CVE-2022-34196
Jenkins REST List Parameter Plugin 1.5.2 and earlier does not escape the name and description of REST list parameters on views displaying parameters, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission...
CVE-2022-34189
Jenkins Image Tag Parameter Plugin 1.10 and earlier does not escape the name and description of Image Tag parameters on views displaying parameters, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission...
CVE-2022-34197
Jenkins Sauce OnDemand Plugin 1.204 and earlier does not escape the name and description of Sauce Labs Browsers parameters on views displaying parameters, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission...
CVE-2022-34191
Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.77 and earlier does not escape the name of NetStorm Test parameters on views displaying parameters, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission...
CVE-2022-34188
Jenkins Hidden Parameter Plugin 0.0.4 and earlier does not escape the name and description of Hidden Parameter parameters on views displaying parameters, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission...
CVE-2022-34177
Jenkins Pipeline: Input Step Plugin 448.v37cea9a10a70 and earlier archives files uploaded for file parameters for Pipeline input steps on the controller as part of build metadata, using the parameter name without sanitization as a relative path inside a build-related directory, allowing attackers...
PT-2022-22052 · Jenkins · Jenkins +1
Name of the Vulnerable Software and Affected Versions: Jenkins CRX Content Package Deployer Plugin versions 1.9 and earlier Description: The issue is a stored cross-site scripting XSS vulnerability that occurs because the plugin does not escape the name and description of CRX Content Package Choi...
subversion: Stored XSS vulnerabilities in Jenkins subversion plugin
A flaw was found in the Jenkins Subversion plugin. The Jenkins subversion plugin does not escape the name and description of List Subversion tags and parameters on views displaying the parameters. This issue results in a stored Cross-site scripting XSS vulnerability, exploitable by attackers with...