3485 matches found
Istio Resource Management Error Vulnerability
Istio is an open platform for connecting, managing, and securing microservices. Istio suffers from a resource management error vulnerability that allows a malicious attacker to send a specially crafted message that could cause a control plane crash when the cluster's authentication webhook is...
CVE-2021-41111 Authorization Bypass Through User-Controlled Key in Rundeck
Rundeck is an open source automation service with a web console, command line tools and a WebAPI. Prior to versions 3.4.5 and 3.3.15, an authenticated user with authorization to read webhooks in one project can craft a request to reveal Webhook definitions and tokens in another project. The user...
WordPress Forms to Zapier, Integromat, IFTTT, Workato, Automate.io, elastic.io, Built.io, APIANT, Webhook plugin <= 1.1.8 - Sensitive Information Disclosure vulnerability
Sensitive Information Disclosure vulnerability discovered in WordPress Forms to Zapier, Integromat, IFTTT, Workato, Automate.io, elastic.io, Built.io, APIANT, Webhook plugin versions <= 1.1.8. Solution: Update the WordPress Forms to Zapier, Integromat, IFTTT, Workato, Automate.io, elastic.io,...
WordPress Forms to Zapier, Integromat, IFTTT, Workato, Automate.io, elastic.io, Built.io, APIANT, Webhook plugin <= 1.1.8 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability
Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability discovered in WordPress Forms to Zapier, Integromat, IFTTT, Workato, Automate.io, elastic.io, Built.io, APIANT, Webhook plugin versions <= 1.1.8. Solution: Update the WordPress Forms to Zapier, Integromat, IFTTT, Workato,...
Rundeck Security Vulnerability
Rundeck is an open source automation service with a web console, command line tools, and WebAPI from Rundeck Inc. in the United States, which is primarily used to run automation tasks. A security vulnerability exists in Rundeck versions prior to 3.4.5 and 3.3.15, which stems from the fact that an...
Stored XSS vulnerability in Jenkins Generic Webhook Trigger Plugin
Jenkins Generic Webhook Trigger Plugin 1.81 and earlier does not escape the build cause when using the webhook, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission...
GHSA-QQWX-HCP6-25VR Stored XSS vulnerability in Jenkins Generic Webhook Trigger Plugin
Jenkins Generic Webhook Trigger Plugin 1.81 and earlier does not escape the build cause when using the webhook, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission...
CVE-2022-25185
Jenkins Generic Webhook Trigger Plugin 1.81 and earlier does not escape the build cause when using the webhook, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission...
Cross site scripting
Jenkins Generic Webhook Trigger Plugin 1.81 and earlier does not escape the build cause when using the webhook, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission...
CVE-2022-25185
The CVE-2022-25185 entry relates to the Jenkins Generic Webhook Trigger Plugin (versions ≤ 1.81). Root cause: the plugin does not escape the build cause when using the webhook, enabling a stored XSS vulnerability. Impact: attacker with Item/Configure permission can exploit via the webhook to inje...
PT-2022-17125 · Jenkins · Jenkins Generic Webhook Trigger Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Generic Webhook Trigger Plugin versions 1.81 and earlier. Description: The issue is related to a stored cross-site scripting (XSS) vulnerability. This occurs because the build cause is not properly escaped when using the webhook. Attacke...
Jenkins Generic Webhook Trigger Plugin Cross-Site Scripting Vulnerability
Jenkins is an open source application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project. A cross-site scripting vulnerability exists in Jenkins Generic Webhook Trigger Plugin 1.81 and earlier versions, which...
Harbor is vulnerable to a limited Server-Side Request Forgery (SSRF) (CVE-2020-13788)
Impact: Matt Hamilton from Soluble has discovered a limited Server-Side Request Forgery (SSRF) that allowed Harbor project owners to scan the TCP ports of hosts on the Harbor server's internal network. The vulnerability was immediately fixed by the Harbor team. Issue: The “Test Endpoint” API, part of...
Cross-site Scripting (XSS) - Stored in chatwoot/chatwoot
Description: In order to render raw HTML in Vue.js you may use the v-html attribute, which opens the door to XSS in case of malicious input. Chatwoot actually uses it in several places, such as...
Cross-site Scripting in livehelperchat
Stored XSS is found in Settings > Live help configuration > Departments > Departments groups > edit. When a user creates a new webhook under the NAME field and puts a payload constructor.constructor'alert1', the input gets stored; at user edit groupname, the payload gets executed...
GHSA-W4HP-PCP8-QHF3 Cross-site Scripting in livehelperchat
Stored XSS is found in Settings > Live help configuration > Departments > Departments groups > edit. When a user creates a new webhook under the NAME field and puts a payload constructor.constructor'alert1', the input gets stored; at user edit groupname, the payload gets executed...
Cross-site Scripting (XSS) - Stored in livehelperchat/livehelperchat
Description: Stored XSS is found in Settings > Live help configuration > Departments > Departments groups > edit. When a user creates a new webhook under the NAME field and puts a payload constructor.constructor'alert1', the input gets stored; at user edit groupname, the payload gets executed. Proof of...