40 matches found
EUVD-2013-5293
Malware in sbrugna...
EUVD-2018-8086
Malware in sbrugna...
EUVD-2024-1584
Malicious code in bioql PyPI...
EUVD-2022-3707
Malicious code in bioql PyPI...
EUVD-2023-31710
Malicious code in bioql PyPI...
EUVD-2022-1944
Malicious code in bioql PyPI...
EUVD-2023-1550
Malicious code in bioql PyPI...
CVE-2024-5273
Jenkins Report Info Plugin 1.2 and earlier does not perform path validation of the workspace directory while serving report files, allowing attackers with Item/Configure permission to retrieve Surefire failures, PMD violations, Findbugs bugs, and Checkstyle errors on the controller file system by...
CVE-2020-2262
Jenkins Android Lint Plugin 2.6 and earlier does not escape the annotation message in tooltips, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers able to provide report files to the plugin's post-build step...
CVE-2020-2265
Jenkins Coverage/Complexity Scatter Plot Plugin 1.1.1 and earlier does not escape the method information in tooltips, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers able to provide report files to the plugin's post-build step...
CVE-2024-5273
Jenkins Report Info Plugin 1.2 and earlier does not perform path validation of the workspace directory while serving report files, allowing attackers with Item/Configure permission to retrieve Surefire failures, PMD violations, Findbugs bugs, and Checkstyle errors on the controller file system by...
Jenkins Performance Publisher Plugin vulnerable to XML external entity (XXE) attacks
Jenkins Performance Publisher Plugin 8.09 and earlier does not configure its XML parser to prevent XML external entity XXE attacks. This allows attackers able to control PerfPublisher report files to have Jenkins parse a crafted XML document that uses external entities for extraction of secrets...
Cross site scripting
Jenkins Cppcheck Plugin 1.26 and earlier does not escape file names from Cppcheck report files before showing them on the Jenkins UI, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers able to control report file contents...
FortiAnalyzer - CSV injection in macro name
An improper neutralization of formula elements vulnerability CWE 1236 in FortiAnalyzer may allow a local authenticated privileged attacker to execute arbitrary code on the end-user's host via inserting spreadsheet formulas in the macro names. This is achieved once the user downloads and opens the...
Stored XSS vulnerability in Coverage/Complexity Scatter Plot Plugin
Jenkins Coverage/Complexity Scatter Plot Plugin 1.1.1 and earlier does not escape the method information in tooltips, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers able to provide report files to the plugin's post-build step...
PT-2022-15288 · Juniper Networks · Juniper Networks Paragon Active Assurance
Name of the Vulnerable Software and Affected Versions: Juniper Networks Paragon Active Assurance version 3.1.0 Description: An issue in the Juniper Networks Paragon Active Assurance Control Center allows an unauthenticated attacker to leverage a crafted URL to generate PDF reports, potentially...
Cross-site Scripting (XSS) vulnerability in Jenkins Continuous Integration with Toad Edge Plugin
Jenkins Continuous Integration with Toad Edge Plugin 2.3 and earlier does not apply Content-Security-Policy headers to report files it serves, resulting in a stored cross-site scripting XSS exploitable by attackers with Item/Configure permission or otherwise able to control report contents...
GHSA-7JH8-GHWC-82CW Cross-site Scripting (XSS) vulnerability in Jenkins Continuous Integration with Toad Edge Plugin
Jenkins Continuous Integration with Toad Edge Plugin 2.3 and earlier does not apply Content-Security-Policy headers to report files it serves, resulting in a stored cross-site scripting XSS exploitable by attackers with Item/Configure permission or otherwise able to control report contents...
CVE-2022-28145
Jenkins Continuous Integration with Toad Edge Plugin 2.3 and earlier does not apply Content-Security-Policy headers to report files it serves, resulting in a stored cross-site scripting XSS exploitable by attackers with Item/Configure permission or otherwise able to control report contents...
PT-2022-18844 · Jenkins +1 · Jenkins +1
Name of the Vulnerable Software and Affected Versions: Jenkins Continuous Integration with Toad Edge Plugin versions 2.3 and earlier Description: The issue is related to the lack of Content-Security-Policy headers in report files served by the software, resulting in a stored cross-site scripting...