114 matches found
CVE-2021-21680
Jenkins Nested View Plugin 1.20 and earlier does not configure its XML transformer to prevent XML external entity (XXE) attacks...
CVE-2021-21680
Jenkins Nested View Plugin 1.20 and earlier does not configure its XML transformer to prevent XML external entity (XXE) attacks...
XXE
Jenkins Nested View Plugin 1.20 and earlier does not configure its XML transformer to prevent XML external entity (XXE) attacks...
CVE-2021-21680
CVE-2021-21680: Jenkins Nested View Plugin (versions ≤ 1.20) does not configure its XML transformer to disable external entity resolution, enabling XXE attacks via crafted view XML. Public references (OSV, Red Hat, GHSA) indicate that starting with version 1.21 Jenkins disables external entity r...
CVE-2021-21680
Jenkins Nested View Plugin 1.20 and earlier does not configure its XML transformer to prevent XML external entity (XXE) attacks...
PT-2021-14723 · Jenkins · Jenkins Nested View Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Nested View Plugin versions 1.20 and earlier. Description: The issue arises from the Jenkins Nested View Plugin not configuring its XML transformer to prevent XML external entity (XXE) attacks. This allows attackers who can configure vie...
Jenkins Code Issue Vulnerability
Jenkins is an open source automation server. It provides hundreds of plugins to support building, deploying and automating any project. A code issue vulnerability exists in Jenkins Nested View Plugin 1.20 and earlier, which arises from an improperly designe...
CVE-2021-24498
The Calendar Event Multi View WordPress plugin before 1.4.01 does not sanitise or escape the 'start' and 'end' GET parameters before outputting them in the page via php/edit.php, leading to a reflected Cross-Site Scripting issue...
Cross-site Scripting in Jenkins Dashboard View Plugin
Jenkins Dashboard View Plugin prior to 2.16 and 2.12.1 does not escape URLs referenced in Image Dashboard Portlets, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with View/Configure permission. As part of this fix, the property for image URLs was changed fr...
DRUPAL-CONTRIB-2021-009
The Chaos tool suite (ctools) module provides a number of APIs and extensions for Drupal; its 8.x-3.x branch is a start from scratch to evaluate the features of ctools that didn't make it into Drupal Core 8.0.x and port them. The module doesn't sufficiently handle access control on its EntityView...
CloudBees Jenkins Dashboard View Plugin Cross-Site Scripting Vulnerability (CNVD-2021-36583)
CloudBees Jenkins (Hudson Labs) is a set of Java-based continuous integration tools developed by the US company CloudBees. The product is mainly used to monitor continuous software release/testing projects and the execution of some scheduled tasks. A cross-site scripting...
CVE-2021-21649
CVE-2021-21649 affects Jenkins Dashboard View Plugin (versions 2.15 and earlier). The vulnerability arises from not escaping URLs in Image Dashboard Portlets, allowing stored XSS by attackers with View/Configure permission. The in-document details specify a stored XSS impact with user-controll...
PT-2021-14692 · Jenkins · Jenkins Dashboard View Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Dashboard View Plugin versions 2.15 and earlier; Jenkins Dashboard View Plugin versions prior to 2.16; Jenkins Dashboard View Plugin version 2.12.1 and earlier. Description: The issue is related to a stored cross-site scripting (XSS)...
Jenkins Cross-Site Scripting Vulnerability
CloudBees Jenkins (Hudson Labs) is a set of Java-based continuous integration tools developed by the US company CloudBees. The product is mainly used to monitor continuous software release/testing projects and the execution of some scheduled tasks. A cross-site scripting...
CVE-2020-2263
Jenkins Radiator View Plugin 1.29 and earlier does not escape the full name of the jobs in tooltips, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission...
Cross site scripting
Jenkins Radiator View Plugin 1.29 and earlier does not escape the full name of the jobs in tooltips, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission...
CVE-2020-2263
The CVE-2020-2263 entry concerns Jenkins Radiator View Plugin (versions ≤ 1.29). The issue is a stored XSS caused by the plugin not escaping the full job name in tooltips, which could be exploited by attackers who have Job/Configure permission. The vulnerability affects the plugin as described in...
CVE-2020-2263
Jenkins Radiator View Plugin 1.29 and earlier does not escape the full name of the jobs in tooltips, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission...
PT-2020-15488 · Jenkins · Jenkins Radiator View Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Radiator View Plugin versions 1.29 and earlier. Description: The issue is related to a stored cross-site scripting (XSS) vulnerability. It occurs because the full name of jobs in tooltips is not properly escaped, allowing attackers with...
CVE-2019-16564
Jenkins Pipeline Aggregator View Plugin 1.8 and earlier does not escape information shown on its view, resulting in a stored XSS vulnerability exploitable by attackers able to affect view content such as job display name or pipeline stage names...