2 matches found
Open WebUI: Cross-origin postMessage confirmation bypass via action:submit
Summary The chat message listener allows non-same-origin input:prompt and action:submit messages, so an external site can set prompt text and trigger submitPrompt in an authenticated victim session. I validated this with a cross-origin attacker page that auto-posted messages and caused unauthoriz...
PT-2019-11725 · Jenkins · Jenkins Artifactory Plugin
Name of the Vulnerable Software and Affected Versions: Jenkins Artifactory Plugin versions 3.2.2 and earlier Description: A cross-site request forgery issue allows attackers to perform certain actions, including scheduling a release build, performing release staging for Gradle and Maven projects,...