9 matches found

RedhatCVE
added 2025/07/11 3:42 p.m. · 7 views

CVE-2025-53660

Jenkins QMetry Test Management Plugin 1.13 and earlier does not mask Qmetry Automation API Keys displayed on the job configuration form, increasing the potential for attackers to observe and capture them...

CVSS 4.3 · AI score 7.1 · EPSS 0.00121
Exploits: 0 · References: 1
CVE
added 2025/07/09 3:39 p.m. · 16 views

CVE-2025-53660

CVE-2025-53660 affects Jenkins QMetry Test Management Plugin 1.13 and earlier. The vulnerability stems from Qmetry Automation API Keys being stored unencrypted in job config.xml and displayed on the job configuration form without masking, enabling observers with Item/Extended Read permissions or ...

CVSS 4.3 · AI score 6.5 · EPSS 0.00121
Exploits: 0 · References: 2 · Affected Software: 1
Cvelist
added 2025/01/27 5:16 p.m. · 13 views

CVE-2025-24368 Cacti has a SQL Injection vulnerability when using tree rules through Automation API

Cacti is an open source performance and fault management framework. Some of the data stored in automation_tree_rules.php is not thoroughly checked and is used to concatenate the SQL statement in the build_rule_item_filter function from lib/api_automation.php, resulting in SQL injection. This vulnerability ...

CVSS 6.9 · EPSS 0.00112
Exploits: 1 · References: 2
Vulnrichment
added 2025/01/27 5:16 p.m. · 13 views

CVE-2025-24368 Cacti has a SQL Injection vulnerability when using tree rules through Automation API

Cacti is an open source performance and fault management framework. Some of the data stored in automation_tree_rules.php is not thoroughly checked and is used to concatenate the SQL statement in the build_rule_item_filter function from lib/api_automation.php, resulting in SQL injection. This vulnerability ...

CVSS 6.9 · AI score 7 · EPSS 0.00112
Exploits: 1 · References: 2
Github Security Blog
added 2023/01/06 12:30 a.m. · 30 views

Nuxeo vulnerable to Reflected Cross-Site Scripting leading to Remote Code Execution

The Nuxeo Platform is an open source content management platform for building business applications. In version 11.5.109, the oauth2 REST API is vulnerable to Reflected Cross-Site Scripting (XSS). This XSS can be escalated to Remote Code Execution (RCE) by leveraging the automation API...

CVSS 6.1 · AI score 3.6 · EPSS 0.00318
Exploits: 1 · References: 4 · Affected Software: 1
OSV
added 2023/01/06 12:30 a.m. · 13 views

GHSA-X347-FC9W-W7C3 Nuxeo vulnerable to Reflected Cross-Site Scripting leading to Remote Code Execution

The Nuxeo Platform is an open source content management platform for building business applications. In version 11.5.109, the oauth2 REST API is vulnerable to Reflected Cross-Site Scripting (XSS). This XSS can be escalated to Remote Code Execution (RCE) by leveraging the automation API...

CVSS 5.4 · AI score 6 · EPSS 0.00318
Exploits: 1 · References: 4
Positive Technologies
added 2023/01/05 12:0 a.m. · 3 views

PT-2023-12175 · Nuxeo · Nuxeo Platform

Name of the Vulnerable Software and Affected Versions: Nuxeo Platform version 11.5.109. Description: The Nuxeo Platform is an open source content management platform for building business applications. In the affected version, the oauth2 REST API is vulnerable to Reflected Cross-Site Scripting (XSS)...

CVSS 6.1 · AI score 6.4 · EPSS 0.00318
Exploits: 1 · References: 7
CNNVD
added 2023/01/05 12:0 a.m. · 0 views

Nuxeo Cross-Site Scripting Vulnerability

Nuxeo is an open source, customizable and extensible content management platform from Nuxeo Open Source. It is used to build business applications. A cross-site scripting vulnerability exists in Nuxeo version 11.5.109, which stems from the fact that an attacker can implement reflective cross-site...

CVSS 6.1 · AI score 6.7 · EPSS 0.00318
Exploits: 1 · References: 3
Cvelist
added 2023/01/05 12:0 a.m. · 15 views

CVE-2021-32828 Regular expression Denial of Service in MooTools

The Nuxeo Platform is an open source content management platform for building business applications. In version 11.5.109, the oauth2 REST API is vulnerable to Reflected Cross-Site Scripting (XSS). This XSS can be escalated to Remote Code Execution (RCE) by leveraging the automation API...

CVSS 5.4 · AI score 6.5 · EPSS 0.00318
Exploits: 1 · References: 2