6612 matches found

Github Security Blog
added 2023/05/16 6:30 p.m., 20 views

Jenkins Reverse Proxy Auth Plugin cross-site request forgery vulnerability

Jenkins Reverse Proxy Auth Plugin 1.7.4 and earlier does not require POST requests for a form validation method, resulting in a cross-site request forgery (CSRF) vulnerability. This vulnerability allows attackers to connect to an attacker-specified LDAP server using attacker-specified credentials...

CVSS: 8.8 | AI score: 6.7 | EPSS: 0.0045
Exploits: 0 | References: 3 | Affected Software: 1
OSV
added 2023/05/16 6:30 p.m., 20 views

GHSA-PMMR-R9V2-59P8 Jenkins Reverse Proxy Auth Plugin cross-site request forgery vulnerability

Jenkins Reverse Proxy Auth Plugin 1.7.4 and earlier does not require POST requests for a form validation method, resulting in a cross-site request forgery (CSRF) vulnerability. This vulnerability allows attackers to connect to an attacker-specified LDAP server using attacker-specified credentials...

CVSS: 4.3 | AI score: 8.6 | EPSS: 0.0045
Exploits: 0 | References: 2
NVD
added 2023/05/16 4:15 p.m., 24 views

CVE-2023-32987

A cross-site request forgery (CSRF) vulnerability in Jenkins Reverse Proxy Auth Plugin 1.7.4 and earlier allows attackers to connect to an attacker-specified LDAP server using attacker-specified credentials...

CVSS: 8.8 | AI score: 8.7 | EPSS: 0.0045
Exploits: 0 | References: 1
Prion
added 2023/05/16 4:15 p.m., 20 views

Cross site request forgery (csrf)

A cross-site request forgery (CSRF) vulnerability in Jenkins Reverse Proxy Auth Plugin 1.7.4 and earlier allows attackers to connect to an attacker-specified LDAP server using attacker-specified credentials...

CVSS: 6.8 | AI score: 8.7 | EPSS: 0.0045
Exploits: 0 | References: 1 | Affected Software: 1
Cvelist
added 2023/05/16 4:0 p.m., 31 views

CVE-2023-32987

A cross-site request forgery (CSRF) vulnerability in Jenkins Reverse Proxy Auth Plugin 1.7.4 and earlier allows attackers to connect to an attacker-specified LDAP server using attacker-specified credentials...

AI score: 8.9 | EPSS: 0.0045
Exploits: 0 | References: 1
CVE
added 2023/05/16 4:0 p.m., 64 views

CVE-2023-32987

The CVE affects Jenkins Reverse Proxy Auth Plugin (versions ≤ 1.7.4). A CSRF flaw allows an attacker to connect to an attacker-specified LDAP server using attacker-specified credentials. Impact is high on confidentiality, integrity, and availability (CVE-2023-32987, CVSS v3.1: 8.8). The issue ari...

CVSS: 8.8 | AI score: 8.6 | EPSS: 0.0045
Exploits: 0 | References: 1 | Affected Software: 1
CVE
added 2023/05/16 9:50 a.m., 53 views

CVE-2023-23703

CVE-2023-23703 corresponds to a Stored XSS in the WordPress plugin Arconix Shortcodes (vulnerable: 2.1.7 is the recommended remediation. Additional sources classify the issue as low severity with a low likelihood of exploitation, but it remains a real vulnerability for sites still running

CVSS: 6.5 | AI score: 5.5 | EPSS: 0.00361
Exploits: 0 | References: 1 | Affected Software: 1
CVE
added 2023/05/16 9:31 a.m., 37 views

CVE-2023-23720

CVE-2023-23720 concerns the WordPress Verified Reviews (Avis Vérifiés) plugin (NetReviews for WordPress) with a Stored XSS vulnerability in versions

CVSS: 5.9 | AI score: 5.1 | EPSS: 0.00369
Exploits: 0 | References: 1 | Affected Software: 1
CVE
added 2023/05/16 9:24 a.m., 34 views

CVE-2023-23657

CVE-2023-23657 describes a Stored XSS in the WordPress plugin Mail Subscribe List up to version 2.1.9. No technical details (payloads, vectors, affected files, or fix/version) are provided in the supplied documents. Monitor for vendor advisories and patch updates.

CVSS: 6.5 | AI score: 5.5 | EPSS: 0.0037
Exploits: 0 | References: 1 | Affected Software: 1
CVE
added 2023/05/16 9:18 a.m., 39 views

CVE-2023-23641

CVE-2023-23641 affects WordPress WPmanage Uji Popup plugin up to version 1.4.3. The vulnerability is a Stored Cross-Site Scripting (XSS) flaw exploitable by contributors and higher-authenticated users via the uji_popup_code shortcode. Impact per sources is a stored XSS risk with confidential data...

CVSS: 6.5 | AI score: 5.5 | EPSS: 0.00361
Exploits: 0 | References: 1 | Affected Software: 1
CVE
added 2023/05/16 8:28 a.m., 49 views

CVE-2023-23673

The CVE refers to a Stored XSS in the WordPress plugin “I Recommend This” (Themeist) versions

CVSS: 5.9 | AI score: 4.9 | EPSS: 0.00392
Exploits: 0 | References: 1 | Affected Software: 1
Positive Technologies
added 2023/05/16 12:0 a.m., 5 views

PT-2023-3358 · Jenkins · Jenkins Reverse Proxy Auth Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Reverse Proxy Auth Plugin versions 1.7.4 and earlier
Description: The issue is related to a cross-site request forgery (CSRF) vulnerability. This vulnerability allows attackers to connect to an attacker-specified LDAP server using...

CVSS: 10 | AI score: 8.5 | EPSS: 0.0045
Exploits: 0 | References: 5
Prion
added 2023/05/15 12:15 p.m., 24 views

Cross site scripting

Auth. admin+ Stored Cross-Site Scripting (XSS) vulnerability in RVOLA WP Original Media Path plugin = 2.4.0 versions...

CVSS: 4.3 | AI score: 4.8 | EPSS: 0.00392
Exploits: 0 | References: 1 | Affected Software: 1
Cvelist
added 2023/05/15 11:40 a.m., 16 views

CVE-2023-23654 WordPress SparkPost Plugin <= 3.2.5 is vulnerable to Cross Site Scripting (XSS)

Auth. admin+ Stored Cross-Site Scripting (XSS) vulnerability in SparkPost plugin <= 3.2.5 versions...

CVSS: 5.9 | AI score: 5.5 | EPSS: 0.00392
Exploits: 0 | References: 1
CVE
added 2023/05/15 11:19 a.m., 52 views

CVE-2023-23688

CVE-2023-23688 is a stored XSS vulnerability in the WordPress plugin Social Share Boost, affecting versions up to 4.4. The flaw requires authentication (contributor+), permitting stored XSS via the plugin’s functionality. Public advisories consistently reference the same CVE and indicate vulnerab...

CVSS: 6.5 | AI score: 5.5 | EPSS: 0.00383
Exploits: 0 | References: 1 | Affected Software: 1
CVE
added 2023/05/15 11:9 a.m., 35 views

CVE-2023-22717

CVE-2023-22717 is a stored Cross-Site Scripting (XSS) vulnerability in the WordPress plugin FormCraft (nCrafts FormCraft), affecting versions up to and including 1.2.6. The vulnerability requires at least a Contributor+ authentication level and can be triggered through stored input, leading to ...

CVSS: 6.5 | AI score: 5.5 | EPSS: 0.00361
Exploits: 0 | References: 1 | Affected Software: 1
Positive Technologies
added 2023/05/15 12:0 a.m., 6 views

PT-2023-22453 · Unknown · Agasio-Camera

Name of the Vulnerable Software and Affected Versions: Agasio-Camera affected versions not specified
Description: An issue in the Agasio-Camera device allows a remote attacker to execute arbitrary code via the check and authLevel parameters.
Recommendations: At the moment, there is no information...

CVSS: 9.8 | AI score: 8 | EPSS: 0.01854
Exploits: 1 | References: 7
CVE
added 2023/05/12 3:19 p.m., 53 views

CVE-2023-25460

CVE-2023-25460 covers a Stored XSS vulnerability in the WordPress plugin CodeSolz Easy Ad Manager (vulnerable:

CVSS: 5.9 | AI score: 5.1 | EPSS: 0.00392
Exploits: 0 | References: 1 | Affected Software: 1
Cvelist
added 2023/05/12 3:19 p.m., 16 views

CVE-2023-25460 WordPress Easy Ad Manager Plugin <= 1.0.0 is vulnerable to Cross Site Scripting (XSS)

Auth. admin+ Stored Cross-Site Scripting (XSS) vulnerability in CodeSolz Easy Ad Manager plugin <= 1.0.0 versions...

CVSS: 5.9 | AI score: 5.5 | EPSS: 0.00392
Exploits: 0 | References: 1
CVE
added 2023/05/12 3:15 p.m., 51 views

CVE-2023-25958

CVE-2023-25958 is an admin+ authenticated, stored cross-site scripting (XSS) vulnerability in the WordPress plugin Simple Tooltips

CVSS: 5.9 | AI score: 5.1 | EPSS: 0.00392
Exploits: 0 | References: 1 | Affected Software: 1