Lucene search
K

63 matches found

Prion
Prion
added 2022/06/30 6:15 p.m.12 views

Design/Logic Flaw

A missing permission check in Jenkins XPath Configuration Viewer Plugin 1.1.1 and earlier allows attackers with Overall/Read permission to create and delete XPath expressions...

4CVSS4.4AI score0.00553EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2022/06/30 5:49 p.m.279 views

CVE-2022-34813

CVE-2022-34813 affects Jenkins XPath Configuration Viewer Plugin versions 1.1.1 and earlier. The root cause is a missing permission check in several HTTP endpoints, allowing users with Overall/Read permission to create and delete XPath expressions. Some advisories also note CSRF risk due to endpo...

4.3CVSS4.8AI score0.00553EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2022/06/30 5:49 p.m.33 views

CVE-2022-34813

A missing permission check in Jenkins XPath Configuration Viewer Plugin 1.1.1 and earlier allows attackers with Overall/Read permission to create and delete XPath expressions...

5.2AI score0.00553EPSS
Exploits0References1
Cvelist
Cvelist
added 2022/06/30 5:49 p.m.37 views

CVE-2022-34812

A cross-site request forgery CSRF vulnerability in Jenkins XPath Configuration Viewer Plugin 1.1.1 and earlier allows attackers to create and delete XPath expressions...

5.3AI score0.00454EPSS
Exploits0References1
CVE
CVE
added 2022/06/30 5:49 p.m.281 views

CVE-2022-34812

CVE-2022-34812 is a cross-site request forgery (CSRF) vulnerability in Jenkins XPath Configuration Viewer Plugin versions 1.1.1 and earlier. The issue allows attackers with the user’s or an attacker’s access to perform create and delete XPath expressions, as stated in the CVE description and mult...

4.3CVSS4.9AI score0.00454EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2022/06/30 5:49 p.m.269 views

CVE-2022-34811

CVE-2022-34811: Jenkins XPath Configuration Viewer Plugin 1.1.1 and earlier has a missing permission check that allows users with Overall/Read to access the XPath Configuration Viewer page. The issue, described in multiple sources (NVD, CVE lists, OSS advisories), can expose the XPath configurati...

4.3CVSS4.7AI score0.00557EPSS
Exploits0References1Affected Software1
Github Security Blog
Github Security Blog
added 2022/05/24 4:50 p.m.38 views

Jenkins Dependency Graph Viewer Plugin contains Cross-site Scripting

A stored cross site scripting vulnerability in Jenkins Dependency Graph Viewer Plugin 0.13 and earlier allowed attackers able to configure jobs in Jenkins to inject arbitrary HTML and JavaScript in the plugin-provided web pages in Jenkins...

5.4CVSS2.1AI score0.03885EPSS
Exploits5References7Affected Software1
Github Security Blog
Github Security Blog
added 2022/05/13 1:18 a.m.18 views

Jenkins Dependency Graph Viewer plugin vulnerable to missing permission checks

Jenkins Dependency Graph Viewer plugin 0.12 and earlier did not perform permission checks for the API endpoint that modifies the dependency graph, allowing anyone with Overall/Read permission to modify this data...

4.3CVSS6.7AI score0.0063EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2022/03/14 3:15 p.m.4 views

CVE-2021-24966

The Error Log Viewer WordPress plugin through 1.1.1 does not validate the path of the log file to clear, allowing high privilege users to clear arbitrary files on the web server, including those outside of the blog folder...

4.9CVSS5.9AI score0.05188EPSS
Exploits5References1
Fedora
Fedora
added 2021/12/05 1:39 a.m.20 views

[SECURITY] Fedora 34 Update: vdr-tvguide-1.3.5-1.fc34.1

VDR plugin: tvguide - TvGuide is a highly customizable 2D EPG viewer plugin...

1.3AI score0.0071EPSS
Exploits1
CVE
CVE
added 2021/10/18 1:45 p.m.67 views

CVE-2021-24684

The CVE applies to the WordPress PDF Light Viewer Plugin for WordPress, affected in versions prior to 1.4.12. The root cause is an OS Command Injection via Ghostscript, exploitable by users with Author roles, enabling arbitrary command execution on the server. Impact is high (remote execution, se...

9CVSS9.2AI score0.04268EPSS
Exploits2References1Affected Software1
Veracode
Veracode
added 2021/04/20 5:24 a.m.10 views

Cross-Site Scripting (XSS)

molecularfaces is vulnerable to cross-site scripting. The vulnerability exists due to the viewer plugin implementation of rendering the molfile data directly inside a...

2AI score
Exploits0
Github Security Blog
Github Security Blog
added 2021/04/16 7:52 p.m.46 views

JavaScript execution via malicious molfiles (XSS)

Impact The viewer plugin implementation of renders molfile data directly inside a tag without any escaping. Arbitrary JavaScript code can thus be executed in the client browser via crafted molfiles. Patches Patched in v0.3.0: Molfile data is now rendered as value of a hidden tag and escaped via...

6.1CVSS2.5AI score0.00566EPSS
Exploits0References4Affected Software1
NVD
NVD
added 2019/07/11 2:15 p.m.35 views

CVE-2019-10349

A stored cross site scripting vulnerability in Jenkins Dependency Graph Viewer Plugin 0.13 and earlier allowed attackers able to configure jobs in Jenkins to inject arbitrary HTML and JavaScript in the plugin-provided web pages in Jenkins...

5.4CVSS5.2AI score0.03885EPSS
Exploits5References4
CVE
CVE
added 2019/07/11 1:55 p.m.90 views

CVE-2019-10349

The CVE-2019-10349 issue affects Jenkins Dependency Graph View Plugin (≤0.13). The root cause is a stored XSS vulnerability in the plugin’s Configure module where the Display Name field can be exploited to inject arbitrary HTML/JavaScript into plugin-provided Jenkins pages. Impact per sources is ...

5.4CVSS5AI score0.03885EPSS
Exploits5References4Affected Software1
Positive Technologies
Positive Technologies
added 2019/07/11 12:0 a.m.5 views

PT-2019-11748 · Jenkins · Jenkins Dependency Graph Viewer Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Dependency Graph Viewer Plugin versions 0.13 and earlier Description: A stored cross site scripting issue allows attackers who can configure jobs in Jenkins to inject arbitrary HTML and JavaScript into the plugin-provided web pages in...

5.4CVSS5AI score0.03885EPSS
Exploits5References11
CNVD
CNVD
added 2017/07/06 12:0 a.m.5 views

IrfanView FPX plugin buffer overflow vulnerability (CNVD-2017-15695)

IrfanView is an image viewer developed by Irfan Skiljan, a software developer from Bosnia and Herzegovina, which supports image browsing, image editing, image format conversion, etc. FPX Plugin is one of the programmable interface extensions. A buffer overflow vulnerability exists in IrfanView...

7.8CVSS8AI score0.02092EPSS
Exploits0References1
OSV
OSV
added 2017/07/05 8:29 p.m.3 views

CVE-2017-9536

IrfanView version 4.44 32bit with FPX Plugin 4.46 allows attackers to execute arbitrary code or cause a denial of service via a crafted .fpx file, related to a "Read Access Violation on Control Flow starting at FPX!FPXGetScanDevicePropertyGroup+0x00000000000014eb."...

7.8CVSS6.1AI score0.02092EPSS
Exploits0References2
Fedora
Fedora
added 2016/02/23 7:50 p.m.27 views

[SECURITY] Fedora 22 Update: vdr-tvguide-1.2.2-9.fc22

VDR plugin: tvguide - TvGuide is a highly customizable 2D EPG viewer plugin...

5.5CVSS1.3AI score0.01541EPSS
Exploits0
CVE
CVE
added 2010/05/07 6:23 p.m.44 views

CVE-2009-4850

CVE-2009-4850 affects AwingSoft Winds3D Viewer plugin 3.5.0.9. The vulnerability allows remote code execution by supplying a SceneURL value that points to an executable (.exe). Public references show exploitation tooling in Metasploit (sceneurl module) and historical coverage (Exploit-DB), confir...

9.3CVSS7.6AI score0.24665EPSS
Exploits3References5Affected Software1
Rows per page
Query Builder