Jenkins Reverse Proxy Auth Plugin cross-site request forgery vulnerability
Jenkins Reverse Proxy Auth Plugin 1.7.4 and earlier does not require POST requests for a form validation method, resulting in a cross-site request forgery (CSRF) vulnerability. This vulnerability allows attackers to connect to an attacker-specified LDAP server using attacker-specified credentials...
GHSA-PMMR-R9V2-59P8 Jenkins Reverse Proxy Auth Plugin cross-site request forgery vulnerability
Jenkins Reverse Proxy Auth Plugin 1.7.4 and earlier does not require POST requests for a form validation method, resulting in a cross-site request forgery (CSRF) vulnerability. This vulnerability allows attackers to connect to an attacker-specified LDAP server using attacker-specified credentials...
CVE-2023-32987
A cross-site request forgery (CSRF) vulnerability in Jenkins Reverse Proxy Auth Plugin 1.7.4 and earlier allows attackers to connect to an attacker-specified LDAP server using attacker-specified credentials...
Cross site request forgery (csrf)
A cross-site request forgery (CSRF) vulnerability in Jenkins Reverse Proxy Auth Plugin 1.7.4 and earlier allows attackers to connect to an attacker-specified LDAP server using attacker-specified credentials...
CVE-2023-32987
The CVE affects Jenkins Reverse Proxy Auth Plugin (versions ≤ 1.7.4). A CSRF flaw allows an attacker to connect to an attacker-specified LDAP server using attacker-specified credentials. Impact is high on confidentiality, integrity, and availability (CVE-2023-32987, CVSS v3.1: 8.8). The issue ari...
CVE-2023-23703
CVE-2023-23703 corresponds to a Stored XSS in the WordPress plugin Arconix Shortcodes (vulnerable: 2.1.7 is the recommended remediation. Additional sources classify the issue as low severity with a low likelihood of exploitation, but it remains a real vulnerability for sites still running
CVE-2023-23720
CVE-2023-23720 concerns the WordPress Verified Reviews (Avis Vérifiés) plugin (NetReviews for WordPress) with a Stored XSS vulnerability in versions
CVE-2023-23657
CVE-2023-23657 describes a Stored XSS in the WordPress plugin Mail Subscribe List up to version 2.1.9. No technical details (payloads, vectors, affected files, or fix/version) are provided in the supplied documents. Monitor for vendor advisories and patch updates.
CVE-2023-23641
CVE-2023-23641 affects WordPress WPmanage Uji Popup plugin up to version 1.4.3. The vulnerability is a Stored Cross-Site Scripting (XSS) flaw exploitable by contributors and higher-authenticated users via the uji_popup_code shortcode. Impact per sources is a stored XSS risk with confidential data...
CVE-2023-23673
The CVE refers to a Stored XSS in the WordPress plugin “I Recommend This” (Themeist) versions
PT-2023-3358 · Jenkins · Jenkins Reverse Proxy Auth Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Reverse Proxy Auth Plugin versions 1.7.4 and earlier. Description: The issue is related to a cross-site request forgery (CSRF) vulnerability. This vulnerability allows attackers to connect to an attacker-specified LDAP server using...
Cross site scripting
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in RVOLA WP Original Media Path plugin <= 2.4.0 versions...
CVE-2023-23654 WordPress SparkPost Plugin <= 3.2.5 is vulnerable to Cross Site Scripting (XSS)
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in SparkPost plugin <= 3.2.5 versions...
CVE-2023-23688
CVE-2023-23688 is a stored XSS vulnerability in the WordPress plugin Social Share Boost, affecting versions up to 4.4. The flaw requires authentication (contributor+), permitting stored XSS via the plugin’s functionality. Public advisories consistently reference the same CVE and indicate vulnerab...
CVE-2023-22717
CVE-2023-22717 is a stored Cross-Site Scripting (XSS) vulnerability in the WordPress plugin FormCraft (nCrafts FormCraft), affecting versions up to and including 1.2.6. The vulnerability requires at least a Contributor+ authentication level and can be triggered through stored input, leading to ...
PT-2023-22453 · Unknown · Agasio-Camera
Name of the Vulnerable Software and Affected Versions: Agasio-Camera, affected versions not specified. Description: An issue in the Agasio-Camera device allows a remote attacker to execute arbitrary code via the check and authLevel parameters. Recommendations: At the moment, there is no information...
CVE-2023-25460
CVE-2023-25460 covers a Stored XSS vulnerability in the WordPress plugin CodeSolz Easy Ad Manager (vulnerable:
CVE-2023-25460 WordPress Easy Ad Manager Plugin <= 1.0.0 is vulnerable to Cross Site Scripting (XSS)
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in CodeSolz Easy Ad Manager plugin <= 1.0.0 versions...
CVE-2023-25958
CVE-2023-25958 is an admin+ authenticated, stored cross-site scripting (XSS) vulnerability in the WordPress plugin Simple Tooltips