2 matches found
jenkins: Reflected XSS vulnerability in markup formatter preview
A flaw was found in jenkins. A cross-site scripting XSS vulnerability is possible due to the lack of restrictions in URL rendering in the formatted previews of markup passed as a query parameter if the configured markup formatter does not prohibit unsafe elements in the markup. The highest threat...
GHSA-7RP2-FM2H-WCHJ Django Cross-site Scripting in AdminURLFieldWidget
An issue was discovered in Django 1.11 before 1.11.21, 2.1 before 2.1.9, and 2.2 before 2.2.2. The clickable Current URL value displayed by the AdminURLFieldWidget displays the provided value without validating it as a safe URL. Thus, an unvalidated value stored in the database, or a value provid...