Lucene search
K

131 matches found

CNNVD
CNNVD
added 2024/02/26 12:0 a.m.4 views

es5-ext Security Vulnerability

es5-ext is an ECMAScript extension from the individual developer Mariusz Nowak. A security vulnerability exists in es5-ext prior to v0.10.63, which stems from the use of functions with very long names or complex default parameter names that may cause the script to halt...

5.5CVSS6.8AI score0.00535EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2024/01/01 12:0 a.m.6 views

PT-2026-5402

Name of the Vulnerable Software and Affected Versions Undertow affected versions not specified Description A flaw exists in Undertow where servlets utilizing a method that calls HttpServletRequestImpl.getParameterNames may experience an OutOfMemoryError when handling client requests with...

7.5CVSS5.9AI score0.00575EPSS
Exploits0References8
SUSE CVE
SUSE CVE
added 2023/02/15 6:2 a.m.5 views

SUSE CVE-2009-3619

Unspecified vulnerability in ViewVC 1.0 before 1.0.9 and 1.1 before 1.1.2 has unknown impact and remote attack vectors related to "printing illegal parameter names and values."...

5CVSS7AI score0.01771EPSS
Exploits0References4
CNNVD
CNNVD
added 2023/02/07 12:0 a.m.5 views

Online Eyewear Shop 跨站脚本漏洞

Online Eyewear Shop is an online eyewear store from the personal developer Carlo Montero. Online Eyewear Shop suffers from a cross-site scripting vulnerability that stems from the firstname/middlename/lastname/lastname/contact parameter of some functions on the oews/classes/Users.php page...

6.1CVSS4.7AI score0.0039EPSS
Exploits0References3
CNNVD
CNNVD
added 2022/11/11 12:0 a.m.34 views

ForU CMS 跨站脚本漏洞

ForU CMS is a website builder system by ForU Open Source. A security vulnerability exists in ForU CMS that originates from unknown code in cmschip.php. An attacker can exploit the vulnerability to cause cross-site scripting through manipulation of parameter names...

5.4CVSS5.4AI score0.00344EPSS
Exploits0References3
BDU FSTEC
BDU FSTEC
added 2022/10/12 12:0 a.m.5 views

The vulnerability of the Apache Struts software platform, related to deficiencies in access control, allows attackers to trigger a service failure.

The vulnerability of the Apache Struts software platform is related to deficiencies in access control. Exploiting this vulnerability allows a malicious actor to trigger service failures through specially crafted requests with very long parameter names...

5.3CVSS7.7AI score0.08353EPSS
Exploits0References8Affected Software2
Github Security Blog
Github Security Blog
added 2022/06/24 12:0 a.m.53 views

Cross-site Scripting in Jenkins Maven Metadata Plugin

Jenkins Maven Metadata Plugin for Jenkins CI server Plugin 2.1 and earlier does not escape the name and description of List maven artifact versions parameters on views displaying parameters, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure...

5.4CVSS5.7AI score0.00606EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2022/06/24 12:0 a.m.46 views

Cross-site Scripting in Jenkins Agent Server Parameter Plugin

Jenkins Agent Server Parameter Plugin 1.1 and earlier does not escape the name and description of Agent Server parameters on views displaying parameters, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission. Exploitation of this...

5.4CVSS5.7AI score0.00606EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2022/06/23 5:15 p.m.2 views

CVE-2022-34190

Jenkins Maven Metadata Plugin for Jenkins CI server Plugin 2.1 and earlier does not escape the name and description of List maven artifact versions parameters on views displaying parameters, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure...

5.4CVSS5.7AI score0.00606EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2022/06/23 5:15 p.m.2 views

CVE-2022-34185

Jenkins Date Parameter Plugin 0.0.4 and earlier does not escape the name and description of Date parameters on views displaying parameters, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission...

5.4CVSS6.2AI score0.00606EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2022/06/23 5:15 p.m.2 views

CVE-2022-34194

Jenkins Readonly Parameter Plugin 1.0.0 and earlier does not escape the name and description of Readonly String and Readonly Text parameters on views displaying parameters, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission...

5.4CVSS6.2AI score0.00606EPSS
Exploits0References2
OSV
OSV
added 2022/06/23 5:15 p.m.2 views

CVE-2022-34193

Jenkins Package Version Plugin 1.0.1 and earlier does not escape the name of Package version parameters on views displaying parameters, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission...

5.4CVSS6.2AI score0.00606EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2022/06/23 5:15 p.m.5 views

CVE-2022-34196

Jenkins REST List Parameter Plugin 1.5.2 and earlier does not escape the name and description of REST list parameters on views displaying parameters, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission...

5.4CVSS6.2AI score0.00759EPSS
Exploits0References2
OSV
OSV
added 2022/06/23 5:15 p.m.3 views

CVE-2022-34189

Jenkins Image Tag Parameter Plugin 1.10 and earlier does not escape the name and description of Image Tag parameters on views displaying parameters, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission...

5.4CVSS6.2AI score0.00606EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2022/06/23 5:15 p.m.3 views

CVE-2022-34197

Jenkins Sauce OnDemand Plugin 1.204 and earlier does not escape the name and description of Sauce Labs Browsers parameters on views displaying parameters, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission...

5.4CVSS6.2AI score0.00606EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2022/06/23 5:15 p.m.3 views

CVE-2022-34191

Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.77 and earlier does not escape the name of NetStorm Test parameters on views displaying parameters, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission...

5.4CVSS6.2AI score0.00606EPSS
Exploits0References2
OSV
OSV
added 2022/06/23 5:15 p.m.4 views

CVE-2022-34188

Jenkins Hidden Parameter Plugin 0.0.4 and earlier does not escape the name and description of Hidden Parameter parameters on views displaying parameters, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission...

5.4CVSS5.7AI score0.00606EPSS
Exploits0References1
OSV
OSV
added 2022/06/23 5:15 p.m.4 views

CVE-2022-34177

Jenkins Pipeline: Input Step Plugin 448.v37cea9a10a70 and earlier archives files uploaded for file parameters for Pipeline input steps on the controller as part of build metadata, using the parameter name without sanitization as a relative path inside a build-related directory, allowing attackers...

7.5CVSS6.9AI score
Exploits0References1
Positive Technologies
Positive Technologies
added 2022/06/22 12:0 a.m.9 views

PT-2022-22052 · Jenkins · Jenkins +1

Name of the Vulnerable Software and Affected Versions: Jenkins CRX Content Package Deployer Plugin versions 1.9 and earlier Description: The issue is a stored cross-site scripting XSS vulnerability that occurs because the plugin does not escape the name and description of CRX Content Package Choi...

8CVSS5.8AI score0.00759EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2022/06/17 5:40 a.m.5 views

subversion: Stored XSS vulnerabilities in Jenkins subversion plugin

A flaw was found in the Jenkins Subversion plugin. The Jenkins subversion plugin does not escape the name and description of List Subversion tags and parameters on views displaying the parameters. This issue results in a stored Cross-site scripting XSS vulnerability, exploitable by attackers with...

5.4CVSS5.7AI score0.02435EPSS
Exploits0References5
Rows per page
Query Builder