5 matches found
PT-2025-34959
Name of the Vulnerable Software and Affected Versions: Pronamic Google Maps plugin for WordPress versions prior to 2.4.2 Description: The Pronamic Google Maps plugin for WordPress is susceptible to Stored Cross-Site Scripting through the description field. Insufficient input sanitization and outp...
PT-2023-28845 · Jenkins · Jenkins Build Failure Analyzer Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Build Failure Analyzer Plugin versions 2.4.1 and earlier Description: The issue is related to a stored cross-site scripting XSS vulnerability. It occurs because the Jenkins Build Failure Analyzer Plugin does not escape Failure Cause...
PT-2023-16342 · WordPress · Wp-D3
Name of the Vulnerable Software and Affected Versions: Wp-D3 WordPress plugin versions prior to 2.4.2 Description: The issue allows users with the contributor role and above to perform Stored Cross-Site Scripting attacks due to the lack of validation and escaping of some shortcode attributes...
PT-2022-27055 · Apache · Apache Airflow
Name of the Vulnerable Software and Affected Versions: Apache Airflow versions prior to 2.4.2 Description: The issue is related to an open redirect in the webserver's "/confirm" endpoint. Recommendations: For versions prior to 2.4.2, update to version 2.4.2 or later to resolve the issue...
PT-2022-20934 · Rdiffweb · Rdiffweb
Name of the Vulnerable Software and Affected Versions: rdiffweb versions prior to 2.4.2 Description: The issue is related to weak password requirements. Specifically, versions prior to 2.4.2 have no password policy or password checking, making users vulnerable to brute force password guessing...