35 matches found
Cross-site Scripting (XSS)
Jenkins Applitools Eyes Plugin is vulnerable to Cross-site Scripting XSS. The vulnerability is due to the plugin not escaping the Applitools URL on the build page, where attackers with Item/Configure permission can exploit it to inject malicious scripts...
EUVD-2025-20856
Malicious code in bioql PyPI...
EUVD-2025-20835
Malicious code in bioql PyPI...
EUVD-2025-20834
Malicious code in bioql PyPI...
@andrewzagorski/admin (>=4.25.19-patch.1 <=4.25.19-patch.3), @applitools/autonomous-lib (>=1.3.4 <=4.0.251-beta.0) +147 more potentially affected by CVE-2025-9960 via is-localhost-ip (>=1.4.0 <=3.0.1)
is-localhost-ip NPM version =1.4.0, =4.25.19-patch.1, =1.3.4, =2.3.7, =1.0.0, =1.2.11, =0.5.1, =1.0.6, =1.0.0, =1.13.7, =1.0.0, =3.30.0, =4.22.1, =1.14.0, =1.14.1, =1.14.1, =1.31.7 and more Source cves: CVE-2025-9960 Source advisory: SNYK:JS-ISLOCALHOSTIP-13004668...
Insufficiently Protected Credentials
Overview Affected versions of this package are vulnerable to Insufficiently Protected Credentials in the job configuration form, where API keys are not masked. An attacker can obtain sensitive credentials by viewing the exposed API keys during job configuration. Remediation Upgrade...
GHSA-JMRV-RXGR-PHVR Jenkins Applitools Eyes Plugin vulnerability does not mask API keys on its job configuration form
Jenkins Applitools Eyes Plugin 1.16.5 and earlier does not mask Applitools API keys displayed on the job configuration form, increasing the potential for attackers to observe and capture them...
Cleartext Storage of Sensitive Information
Overview Affected versions of this package are vulnerable to Cleartext Storage of Sensitive Information via the storage of unencrypted API keys in config.xml files. An attacker can access sensitive information by obtaining Item/Extended Read permissions or direct access to the controller file...
Jenkins Applitools Eyes Plugin vulnerability exposes unencrypted keys to certain authenticated users
Jenkins Applitools Eyes Plugin 1.16.5 and earlier stores Applitools API keys unencrypted in job config.xml files on the Jenkins controller, where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system...
GHSA-Q92V-3F4W-5XG8 Jenkins Applitools Eyes Plugin vulnerability exposes unencrypted keys to certain authenticated users
Jenkins Applitools Eyes Plugin 1.16.5 and earlier stores Applitools API keys unencrypted in job config.xml files on the Jenkins controller, where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system...
Cross-site Scripting (XSS)
Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the Applitools URL field on the build page. An attacker can execute arbitrary JavaScript code in the context of other users by injecting malicious input into this field. This is only exploitable if the...
Jenkins Applitools Eyes Plugin vulnerable to XSS through its Build page
Jenkins Applitools Eyes Plugin 1.16.5 and earlier does not escape the Applitools URL on the build page. This results in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission. Applitools Eyes Plugin 1.16.6 rejects Applitools URLs that contain HTML...
GHSA-J4WF-9GX8-63F8 Jenkins Applitools Eyes Plugin vulnerable to XSS through its Build page
Jenkins Applitools Eyes Plugin 1.16.5 and earlier does not escape the Applitools URL on the build page. This results in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission. Applitools Eyes Plugin 1.16.6 rejects Applitools URLs that contain HTML...
CVE-2025-53742
Jenkins Applitools Eyes Plugin 1.16.5 and earlier stores Applitools API keys unencrypted in job config.xml files on the Jenkins controller, where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system...
CVE-2025-53742
Jenkins Applitools Eyes Plugin 1.16.5 and earlier stores Applitools API keys unencrypted in job config.xml files on the Jenkins controller, where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system...
CVE-2025-53743
Jenkins Applitools Eyes Plugin 1.16.5 and earlier does not mask Applitools API keys displayed on the job configuration form, increasing the potential for attackers to observe and capture them...
CVE-2025-53658
Jenkins Applitools Eyes Plugin 1.16.5 and earlier does not escape the Applitools URL on the build page, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission...
CVE-2025-53658
Jenkins Applitools Eyes Plugin 1.16.5 and earlier does not escape the Applitools URL on the build page, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission...
CVE-2025-53743
Jenkins Applitools Eyes Plugin 1.16.5 and earlier does not mask Applitools API keys displayed on the job configuration form, increasing the potential for attackers to observe and capture them...
CVE-2025-53743
Jenkins Applitools Eyes Plugin 1.16.5 and earlier does not mask Applitools API keys displayed on the job configuration form, increasing the potential for attackers to observe and capture them...