34 matches found
CVE-2023-4798
The User Avatar WordPress plugin before 1.2.2 does not properly sanitize and escape certain of its shortcodes attributes, which could allow relatively low-privileged users like contributors to conduct Stored XSS attacks...
WordPress plugin User Avatar cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...
GHSA-MG72-H5GJ-8GG7 Missing permission check in Jenkins Avatar Plugin
A missing permission check in Jenkins Avatar Plugin 1.2 and earlier allows attackers with Overall/Read access to change the avatar of any user of Jenkins...
Missing permission check in Jenkins Avatar Plugin
A missing permission check in Jenkins Avatar Plugin 1.2 and earlier allows attackers with Overall/Read access to change the avatar of any user of Jenkins...
com.buildcoin.plugins.jenkins:buildcoin-plugin (>=1.0 <=1.4), com.coravy.hudson.plugins.github:github (>=1.1 <=1.8) +99 more potentially affected by CVE-2012-0785 via org.jenkins-ci.main:jenkins-core (>=1.425 <=1.446)
org.jenkins-ci.main:jenkins-core MAVEN version =1.425, =1.0, =1.1, =0.3.2, =1.1, =1.0, =0.1, =1.1, =1.1, =0.2.5, =1.425, =1.425, =1.425, =1.425, =1.446 and more Source cves: CVE-2012-0785 Source advisory: OSV:GHSA-PCHP-C5W8-47GC...
Cross site request forgery (csrf)
The One User Avatar WordPress plugin before 2.3.7 does not check for CSRF when updating the Avatar in page where the avatarupload shortcode is embed. As a result, attackers could make logged in user change their avatar via a CSRF attack...
WordPress 插件跨站脚本漏洞
WordPress is the Wordpress Foundation's suite of blogging platforms developed using the PHP language. The platform supports personal blogging sites on PHP and MySQL servers. WordPress One User Avatar plugin in versions prior to 2.3.7 has a cross-site scripting vulnerability that stems from a lack...
CloudBees Jenkins Avatar Plugin Authorization Issue Vulnerability
CloudBees Jenkins Hudson Labs is the United States CloudBees company's set of Java-based development of continuous integration tools . An authorization issue vulnerability exists in CloudBees Jenkins Avatar Plugin. An attacker can exploit this vulnerability to perform modification operations on...
CVE-2019-10377
A missing permission check in Jenkins Avatar Plugin 1.2 and earlier allows attackers with Overall/Read access to change the avatar of any user of Jenkins...
CVE-2019-10377
A missing permission check in Jenkins Avatar Plugin 1.2 and earlier allows attackers with Overall/Read access to change the avatar of any user of Jenkins...
Information disclosure
A missing permission check in Jenkins Avatar Plugin 1.2 and earlier allows attackers with Overall/Read access to change the avatar of any user of Jenkins...
CVE-2019-10377
A missing permission check in Jenkins Avatar Plugin 1.2 and earlier allows attackers with Overall/Read access to change the avatar of any user of Jenkins...
CVE-2019-10377
CVE-2019-10377 affects Jenkins Avatar Plugin versions 1.2 and earlier. The root cause is a missing permission check, which allows attackers with Overall/Read access to change the avatar of any Jenkins user. The consequence is unauthorized modification of user avatars, under the stated access leve...
PT-2019-11773 · Jenkins · Jenkins Avatar Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Avatar Plugin versions 1.2 and earlier Description: A missing permission check in the plugin allows attackers with Overall/Read access to change the avatar of any user of Jenkins. Recommendations: For Jenkins Avatar Plugin versions 1....