Lucene search
K

63 matches found

Prion
Prion
added 2022/10/19 4:15 p.m.16 views

Cross site scripting

Jenkins Contrast Continuous Application Security Plugin 3.9 and earlier does not escape data returned from the Contrast service when generating a report, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers able to control or modify Contrast service API responses...

4.9CVSS5.3AI score0.00639EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2022/09/22 12:0 a.m.15 views

GHSA-J8XR-2279-88QJ Jenkins RQM Plugin vulnerable to Improper Restriction of XML External Entity Reference

Jenkins RQM Plugin 2.8 and earlier does not configure its XML parser to prevent XML external entity XXE attacks. This allows attackers able to provide crafted API responses from Rational Quality Manager to have Jenkins parse a crafted XML document that uses external entities for extraction of...

5.9CVSS9.1AI score0.00725EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2022/09/22 12:0 a.m.18 views

Jenkins RQM Plugin vulnerable to Improper Restriction of XML External Entity Reference

Jenkins RQM Plugin 2.8 and earlier does not configure its XML parser to prevent XML external entity XXE attacks. This allows attackers able to provide crafted API responses from Rational Quality Manager to have Jenkins parse a crafted XML document that uses external entities for extraction of...

9.8CVSS8.7AI score0.00725EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2022/09/21 4:15 p.m.22 views

CVE-2022-41240

Jenkins Walti Plugin 1.0.1 and earlier does not escape the information provided by the Walti API, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers able to provide malicious API responses from Walti...

5.4CVSS0.00469EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2022/09/21 12:0 a.m.6 views

PT-2022-25757 · Jenkins · Jenkins Rqm Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins RQM Plugin versions 2.8 and earlier Description: The issue is related to the XML parser not being configured to prevent XML external entity XXE attacks. This allows attackers to provide crafted API responses that can be used to extrac...

9.8CVSS8.9AI score0.00725EPSS
Exploits0References5
OwnCloud
OwnCloud
added 2022/06/06 12:0 a.m.54 views

Information disclosure in settings UI and API responses - ownCloud

The settings page and some API responses of a few ownCloud apps contained plaintext credentials...

5.7CVSS1.8AI score0.0124EPSS
Exploits0Affected Software1
OSV
OSV
added 2022/05/24 4:49 p.m.6 views

GHSA-2QRR-C2GH-PR35 Wikimedia information leak vulnerability

Wikimedia MediaWiki 1.23.0 through 1.32.1 has an information leak. Privileged API responses that include whether a recent change has been patrolled may be cached publicly. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6...

7.5CVSS6.2AI score0.02043EPSS
Exploits0References7
OSV
OSV
added 2022/04/27 10:28 p.m.49 views

GHSA-MM33-5VFQ-3MM3 Cross-site Scripting Vulnerability in Action Pack

There is a possible XSS vulnerability in Rails / Action Pack. This vulnerability has been assigned the CVE identifier CVE-2022-22577. Versions Affected: = 5.2.0 Not affected: 5.2.0 Fixed Versions: 7.0.2.4, 6.1.5.1, 6.0.4.8, 5.2.7.1 Impact CSP headers were only sent along with responses that Rails...

6.1CVSS7.2AI score0.01594EPSS
Exploits0References14
Hacker One
Hacker One
added 2022/04/16 10:0 a.m.18 views

GitLab: XSS in ZenTao integration affecting self hosted instances without strict CSP

Summary The ZenTao issue integration premium feature is susceptible to an XSS attack by delivering modified API responses to GitLab. This is related and similar to my report https://hackerone.com/reports/1533976 but this time affecting the ZenTao integration. A user can create a project and...

0.1AI score
Exploits0
Kitploit
Kitploit
added 2022/03/29 11:30 a.m.45 views

Socid-Extractor - Extract Accounts Info From Personal Pages On Various Sites For OSINT Purpose

Extract information about a user from profile webpages / API responses and save it in machine-readable format. Usage As a command-line tool: $ socidextractor --url https://www.deviantart.com/muse1908 country: France createdat: 2005-06-16 18:17:41 gender: female username: Muse1908 website:...

7.5AI score
Exploits0References9
Prion
Prion
added 2021/10/05 2:15 p.m.17 views

Cross site scripting

A stored Cross-Site Scripting vulnerability in the Jira integration in all GitLab versions starting from 13.9 before 14.0.9, all versions starting from 14.1 before 14.1.4, and all versions starting from 14.2 before 14.2.2 allows an attacker to execute arbitrary JavaScript code on the victim's...

3.5CVSS4.9AI score0.00951EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2021/10/05 2:15 p.m.2 views

UBUNTU-CVE-2021-22261

A stored Cross-Site Scripting vulnerability in the Jira integration in all GitLab versions starting from 13.9 before 14.0.9, all versions starting from 14.1 before 14.1.4, and all versions starting from 14.2 before 14.2.2 allows an attacker to execute arbitrary JavaScript code on the victim's...

7.3CVSS6.9AI score0.00951EPSS
Exploits0References5
UbuntuCve
UbuntuCve
added 2021/10/05 2:15 p.m.36 views

CVE-2021-22261

A stored Cross-Site Scripting vulnerability in the Jira integration in all GitLab versions starting from 13.9 before 14.0.9, all versions starting from 14.1 before 14.1.4, and all versions starting from 14.2 before 14.2.2 allows an attacker to execute arbitrary JavaScript code on the victim's...

7.3CVSS6.9AI score0.00951EPSS
Exploits0References4
Debian CVE
Debian CVE
added 2021/10/05 1:59 p.m.23 views

CVE-2021-22261

Removed by vendor...

7.3CVSS6.5AI score0.00951EPSS
Exploits0
CNVD
CNVD
added 2021/07/15 12:0 a.m.8 views

Unspecified Vulnerability in Nextcloud (CNVD-2021-51810)

Nextcloud is a set of open source self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. A security vulnerability exists in Nextcloud Server versions prior to 19.0.13, 20.0.11, and 21.0.3, which stems from the fact that rate limiting in Nextcloud...

5.3CVSS6.5AI score0.01374EPSS
Exploits0References1
Prion
Prion
added 2021/07/12 1:15 p.m.20 views

Authentication flaw

Nextcloud Server is a Nextcloud package that handles data storage. In versions prior to 19.0.13, 20.0.11, and 21.0.3, ratelimits are not applied to OCS API responses. This affects any OCS API controller OCSController using the @BruteForceProtection annotation. Risk depends on the installed...

5CVSS6.7AI score0.01374EPSS
Exploits0References6Affected Software2
BDU FSTEC
BDU FSTEC
added 2020/02/27 12:0 a.m.5 views

The vulnerability of the Gem::GemcutterUtilities module in the RubyGems package management system, which relates to the issue of printing API responses into the standard output stream, allows a attacker to compromise data integrity.

The vulnerability of the Gem::GemcutterUtilities module in the RubyGems package management system relates to the way that API responses are printed into the standard output stream. Exploiting this vulnerability could allow a malicious actor to compromise data integrity by using a specially crafte...

7.8CVSS6.6AI score0.03372EPSS
Exploits0References9Affected Software7
Virtuozzo
Virtuozzo
added 2020/01/26 12:0 a.m.21 views

Product update: Virtuozzo PowerPanel Update 1 Hotfix 1 (7.0.4-39)

The update for Virtuozzo PowerPanel introduces stability and usability fixes. Vulnerability id: PP-643 Attach and detach backup tasks missing or undefined in the task log. Vulnerability id: PP-642 The 'vzapi-api' package not updated on the controller when upgrading PowerPanel. Vulnerability id:...

1.1AI score
Exploits0
Prion
Prion
added 2019/07/10 4:15 p.m.26 views

Design/Logic Flaw

Wikimedia MediaWiki 1.23.0 through 1.32.1 has an information leak. Privileged API responses that include whether a recent change has been patrolled may be cached publicly. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6...

5CVSS7.8AI score0.02043EPSS
Exploits0References4Affected Software2
Friends Of PHP
Friends Of PHP
added 2019/05/30 8:55 p.m.30 views

API responses for unpatrolled or (not) autopatrolled recent changes require privileges but may be cached publicly

More info at https://phabricator.wikimedia.org/T212118...

7.5CVSS7.2AI score0.02043EPSS
Exploits0Affected Software1
Rows per page
Query Builder