1332 matches found
Cross-Site Request Forgery in Jenkins
An extension point in Jenkins allows selectively disabling cross-site request forgery CSRF protection for specific URLs. Implementations of that extension point received a different representation of the URL path than the Stapler web framework uses to dispatch requests in Jenkins 2.227 and earlie...
Missing Authorization in Jenkins
A vulnerability in the Stapler web framework used in Jenkins 2.185 and earlier, LTS 2.176.1 and earlier allowed attackers to access view fragments directly, bypassing permission checks and possibly obtain sensitive information...
CVE-2022-28959
Multiple cross-site scripting XSS vulnerabilities in the component /spip.php of Spip Web Framework v3.1.13 and below allows attackers to execute arbitrary web scripts or HTML...
CVE-2022-28961
Spip Web Framework v3.1.13 and below was discovered to contain multiple SQL injection vulnerabilities at /ecrire via the liertrad and where parameters...
DEBIAN-CVE-2022-28961
Spip Web Framework v3.1.13 and below was discovered to contain multiple SQL injection vulnerabilities at /ecrire via the liertrad and where parameters...
CVE-2022-28959
Multiple cross-site scripting XSS vulnerabilities in the component /spip.php of Spip Web Framework v3.1.13 and below allows attackers to execute arbitrary web scripts or HTML...
CVE-2022-28961
Spip Web Framework v3.1.13 and below was discovered to contain multiple SQL injection vulnerabilities at /ecrire via the liertrad and where parameters...
CVE-2022-28959
Multiple cross-site scripting XSS vulnerabilities in the component /spip.php of Spip Web Framework v3.1.13 and below allows attackers to execute arbitrary web scripts or HTML...
CVE-2022-28961
Spip Web Framework v3.1.13 and below was discovered to contain multiple SQL injection vulnerabilities at /ecrire via the liertrad and where parameters...
CVE-2022-28959
Multiple cross-site scripting XSS vulnerabilities in the component /spip.php of Spip Web Framework v3.1.13 and below allows attackers to execute arbitrary web scripts or HTML...
UBUNTU-CVE-2022-28959
Multiple cross-site scripting XSS vulnerabilities in the component /spip.php of Spip Web Framework v3.1.13 and below allows attackers to execute arbitrary web scripts or HTML...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in the component /spip.php of Spip Web Framework v3.1.13 and below allows attackers to execute arbitrary web scripts or HTML...
Sql injection
Spip Web Framework v3.1.13 and below was discovered to contain multiple SQL injection vulnerabilities at /ecrire via the liertrad and where parameters...
CVE-2022-28961
Spip Web Framework v3.1.13 and below was discovered to contain multiple SQL injection vulnerabilities at /ecrire via the liertrad and where parameters...
CVE-2022-28961
CVE-2022-28961 affects SPIP Web Framework v3.1.13 and earlier, with multiple SQL injection vulnerabilities exploitable via /ecrire through the lier_trad and where parameters. Connected sources corroborate that the issue is addressed in SPIP releases by upgrading to at least 3.1.14 or 3.2.x with 3...
CVE-2022-28961
Spip Web Framework v3.1.13 and below was discovered to contain multiple SQL injection vulnerabilities at /ecrire via the liertrad and where parameters...
CVE-2022-28959
Multiple cross-site scripting XSS vulnerabilities in the component /spip.php of Spip Web Framework v3.1.13 and below allows attackers to execute arbitrary web scripts or HTML...
CVE-2022-28959
CVE-2022-28959 affects SPIP Web Framework’s spip.php component in versions up to and including 3.1.13, enabling cross-site scripting (XSS) and allowing an attacker to run arbitrary web scripts or HTML. The provided documents consistently identify the vulnerability as an XSS issue in /spip.php and...
CVE-2022-28959
Multiple cross-site scripting XSS vulnerabilities in the component /spip.php of Spip Web Framework v3.1.13 and below allows attackers to execute arbitrary web scripts or HTML...
Improper Limitation of a Pathname to a Restricted Directory in Jenkins
A path traversal vulnerability exists in the Stapler web framework used by Jenkins 2.145 and earlier, LTS 2.138.1 and earlier in core/src/main/java/org/kohsuke/stapler/Facet.java, groovy/src/main/java/org/kohsuke/stapler/jelly/groovy/GroovyFacet.java,...