63 matches found
Design/Logic Flaw
A missing permission check in Jenkins XPath Configuration Viewer Plugin 1.1.1 and earlier allows attackers with Overall/Read permission to create and delete XPath expressions...
CVE-2022-34813
CVE-2022-34813 affects Jenkins XPath Configuration Viewer Plugin versions 1.1.1 and earlier. The root cause is a missing permission check in several HTTP endpoints, allowing users with Overall/Read permission to create and delete XPath expressions. Some advisories also note CSRF risk due to endpo...
CVE-2022-34813
A missing permission check in Jenkins XPath Configuration Viewer Plugin 1.1.1 and earlier allows attackers with Overall/Read permission to create and delete XPath expressions...
CVE-2022-34812
A cross-site request forgery CSRF vulnerability in Jenkins XPath Configuration Viewer Plugin 1.1.1 and earlier allows attackers to create and delete XPath expressions...
CVE-2022-34812
CVE-2022-34812 is a cross-site request forgery (CSRF) vulnerability in Jenkins XPath Configuration Viewer Plugin versions 1.1.1 and earlier. The issue allows attackers with the user’s or an attacker’s access to perform create and delete XPath expressions, as stated in the CVE description and mult...
CVE-2022-34811
CVE-2022-34811: Jenkins XPath Configuration Viewer Plugin 1.1.1 and earlier has a missing permission check that allows users with Overall/Read to access the XPath Configuration Viewer page. The issue, described in multiple sources (NVD, CVE lists, OSS advisories), can expose the XPath configurati...
Jenkins Dependency Graph Viewer Plugin contains Cross-site Scripting
A stored cross site scripting vulnerability in Jenkins Dependency Graph Viewer Plugin 0.13 and earlier allowed attackers able to configure jobs in Jenkins to inject arbitrary HTML and JavaScript in the plugin-provided web pages in Jenkins...
Jenkins Dependency Graph Viewer plugin vulnerable to missing permission checks
Jenkins Dependency Graph Viewer plugin 0.12 and earlier did not perform permission checks for the API endpoint that modifies the dependency graph, allowing anyone with Overall/Read permission to modify this data...
CVE-2021-24966
The Error Log Viewer WordPress plugin through 1.1.1 does not validate the path of the log file to clear, allowing high privilege users to clear arbitrary files on the web server, including those outside of the blog folder...
[SECURITY] Fedora 34 Update: vdr-tvguide-1.3.5-1.fc34.1
VDR plugin: tvguide - TvGuide is a highly customizable 2D EPG viewer plugin...
CVE-2021-24684
The CVE applies to the WordPress PDF Light Viewer Plugin for WordPress, affected in versions prior to 1.4.12. The root cause is an OS Command Injection via Ghostscript, exploitable by users with Author roles, enabling arbitrary command execution on the server. Impact is high (remote execution, se...
Cross-Site Scripting (XSS)
molecularfaces is vulnerable to cross-site scripting. The vulnerability exists due to the viewer plugin implementation of rendering the molfile data directly inside a...
JavaScript execution via malicious molfiles (XSS)
Impact The viewer plugin implementation of renders molfile data directly inside a tag without any escaping. Arbitrary JavaScript code can thus be executed in the client browser via crafted molfiles. Patches Patched in v0.3.0: Molfile data is now rendered as value of a hidden tag and escaped via...
CVE-2019-10349
A stored cross site scripting vulnerability in Jenkins Dependency Graph Viewer Plugin 0.13 and earlier allowed attackers able to configure jobs in Jenkins to inject arbitrary HTML and JavaScript in the plugin-provided web pages in Jenkins...
CVE-2019-10349
The CVE-2019-10349 issue affects Jenkins Dependency Graph View Plugin (≤0.13). The root cause is a stored XSS vulnerability in the plugin’s Configure module where the Display Name field can be exploited to inject arbitrary HTML/JavaScript into plugin-provided Jenkins pages. Impact per sources is ...
PT-2019-11748 · Jenkins · Jenkins Dependency Graph Viewer Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Dependency Graph Viewer Plugin versions 0.13 and earlier Description: A stored cross site scripting issue allows attackers who can configure jobs in Jenkins to inject arbitrary HTML and JavaScript into the plugin-provided web pages in...
IrfanView FPX plugin buffer overflow vulnerability (CNVD-2017-15695)
IrfanView is an image viewer developed by Irfan Skiljan, a software developer from Bosnia and Herzegovina, which supports image browsing, image editing, image format conversion, etc. FPX Plugin is one of the programmable interface extensions. A buffer overflow vulnerability exists in IrfanView...
CVE-2017-9536
IrfanView version 4.44 32bit with FPX Plugin 4.46 allows attackers to execute arbitrary code or cause a denial of service via a crafted .fpx file, related to a "Read Access Violation on Control Flow starting at FPX!FPXGetScanDevicePropertyGroup+0x00000000000014eb."...
[SECURITY] Fedora 22 Update: vdr-tvguide-1.2.2-9.fc22
VDR plugin: tvguide - TvGuide is a highly customizable 2D EPG viewer plugin...
CVE-2009-4850
CVE-2009-4850 affects AwingSoft Winds3D Viewer plugin 3.5.0.9. The vulnerability allows remote code execution by supplying a SceneURL value that points to an executable (.exe). Public references show exploitation tooling in Metasploit (sceneurl module) and historical coverage (Exploit-DB), confir...