Lucene search
K

424 matches found

OSV
OSV
added 2022/03/30 12:0 a.m.29 views

GHSA-X25H-F84X-WH4M CSRF vulnerability in Jenkins RocketChat Notifier Plugin

Jenkins RocketChat Notifier Plugin 1.4.10 and earlier does not perform a permission check in a method implementing form validation. This allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credential. Additionally, this form validation...

4.3CVSS4.8AI score0.00583EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2022/03/29 12:0 a.m.8 views

PT-2022-18836 · Jenkins · Jenkins Rocketchat Notifier Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins RocketChat Notifier Plugin versions 1.4.10 and earlier Description: A cross-site request forgery CSRF vulnerability allows attackers to connect to an attacker-specified URL using attacker-specified credentials. This issue arises becau...

4.3CVSS4.4AI score0.00583EPSS
Exploits0References8
OSV
OSV
added 2022/03/16 12:0 a.m.23 views

GHSA-CHR6-386Q-4M3V Duplicate Advisory: Stored Cross-site Scripting vulnerability in Jenkins Folder-based Authorization Strategy Plugin

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-5vjc-qx43-r747. This link is maintained to preserve external references. Original Description Jenkins Folder-based Authorization Strategy Plugin 1.3 and earlier does not escape the names of roles shown on the...

6.8CVSS4.9AI score0.00607EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2022/03/15 5:15 p.m.3 views

CVE-2022-27207

Jenkins global-build-stats Plugin 1.5 and earlier does not escape multiple fields in the chart configuration on the 'Global Build Stats' page, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Overall/Administer permission...

4.8CVSS5.8AI score0.00757EPSS
Exploits0References3
NVD
NVD
added 2022/03/15 5:15 p.m.22 views

CVE-2022-27207

Jenkins global-build-stats Plugin 1.5 and earlier does not escape multiple fields in the chart configuration on the 'Global Build Stats' page, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Overall/Administer permission...

4.8CVSS0.00757EPSS
Exploits0References2
OSV
OSV
added 2022/03/15 5:15 p.m.2 views

CVE-2022-27200

Jenkins Folder-based Authorization Strategy Plugin 1.3 and earlier does not escape the names of roles shown on the configuration form, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Overall/Administer permission...

4.8CVSS5.6AI score
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2022/03/15 5:15 p.m.2 views

CVE-2022-27200

Jenkins Folder-based Authorization Strategy Plugin 1.3 and earlier does not escape the names of roles shown on the configuration form, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Overall/Administer permission...

4.8CVSS5.8AI score0.00607EPSS
Exploits0References3
Cvelist
Cvelist
added 2022/03/15 4:45 p.m.28 views

CVE-2022-27207

Jenkins global-build-stats Plugin 1.5 and earlier does not escape multiple fields in the chart configuration on the 'Global Build Stats' page, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Overall/Administer permission...

5.8AI score0.00757EPSS
Exploits0References2
Prion
Prion
added 2022/02/15 5:15 p.m.10 views

Cross site scripting

Jenkins Promoted Builds Simple Plugin 1.9 and earlier does not escape the name of custom promotion levels, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Overall/Administer permission...

3.5CVSS4.8AI score0.00572EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2022/02/09 3:20 p.m.3 views

DRUPAL-CONTRIB-2022-024

The Custom Breadcrumbs module provides a variety of options for customizing the breadcrumb trail. The module doesn't sufficiently filter on output, leading to a Cross Site Scripting vulnerability. This vulnerability is mitigated by the fact that an attacker must have a role with the permission...

6.2AI score
Exploits0References1
Drupal
Drupal
added 2022/02/09 12:0 a.m.14 views

Custom Breadcrumbs - Less critical - Cross Site Scripting - SA-CONTRIB-2022-024

The Custom Breadcrumbs module provides a variety of options for customizing the breadcrumb trail. The module doesn't sufficiently filter on output, leading to a Cross Site Scripting vulnerability. This vulnerability is mitigated by the fact that an attacker must have a role with the permission...

6.3AI score
Exploits0References5
NVD
NVD
added 2022/01/20 7:15 p.m.17 views

CVE-2021-44092

An SQL Injection vulnerability exists in code-projects Pharmacy Management 1.0 via the username parameter in the administer login form...

9.8CVSS0.01254EPSS
Exploits1References1
OSV
OSV
added 2022/01/13 12:1 a.m.19 views

GHSA-85RQ-HP8X-GHJQ Cross-Site Request Forgery in Jenkins Mailer Plugin

Jenkins Mailer Plugin prior to 408.vd726a1130320 and 1.34.2 does not perform a permission check in a method implementing form validation. This allows attackers with Overall/Read access to use the DNS used by the Jenkins instance to resolve an attacker-specified hostname. Additionally, this form...

4.3CVSS4.7AI score0.00957EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2022/01/13 12:0 a.m.32 views

Stored XSS vulnerability in Jenkins Publish Over SSH Plugin

Jenkins Publish Over SSH Plugin 1.22 and earlier does not escape the SSH server name, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Overall/Administer permission...

4.8CVSS2.1AI score0.00819EPSS
Exploits0References6Affected Software1
NVD
NVD
added 2022/01/12 8:15 p.m.19 views

CVE-2022-23110

Jenkins Publish Over SSH Plugin 1.22 and earlier does not escape the SSH server name, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Overall/Administer permission...

4.8CVSS0.00819EPSS
Exploits0References2
OSV
OSV
added 2022/01/12 8:15 p.m.16 views

CVE-2022-23110

Jenkins Publish Over SSH Plugin 1.22 and earlier does not escape the SSH server name, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Overall/Administer permission...

4.8CVSS4.9AI score
Exploits0References2
OSV
OSV
added 2021/09/22 5:26 p.m.3 views

DRUPAL-CONTRIB-2021-041

This module provides an admin interface for creating drop down menus that combine Drupal menu items with rich media content. This module has a vulnerability whereby users can select blocks as a menu item they don't have permission to view. The vulnerability is mitigated by the fact that it can on...

6.8AI score
Exploits0References1
Drupal
Drupal
added 2021/09/22 12:0 a.m.4 views

File Extractor - Critical - Arbitrary PHP code execution - SA-CONTRIB-2021-033

This module enables you to extract the textual content of files for use on a website, e.g. to display it or use it in search indexes. The module doesn't sufficiently protect the administrator-defined commands that are executed on the server, which leads to post-authentication remote code executio...

6.6AI score
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2021/08/31 12:0 a.m.23 views

Ship Ferry Ticket Reservation System v1.0 SQL-Injection-Bypass-Authentication

Description: The Ship/Ferry Ticket Reservation System v1.0 is vulnerable in the application /shipticketing/classes/Login.php from SQL-Injection-Bypass-Authentication. The parameter username from the login form is not protected correctly and there is no security and escaping from malicious payload...

0.4AI score
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2021/08/31 12:0 a.m.13 views

Online Leave Management System SQL-Injection-Bypass-Authentication

Description: The OLMS – PHP by: oretnom23 v1.0 is vulnerable in the application /leavesystem/classes/Login.php from SQL-Injection-Bypass-Authentication m0re info: . The parameter username from the login form is not protected correctly and there is no security and escaping from malicious payloads...

7.5AI score
Exploits0References1
Rows per page
Query Builder