Lucene search
+L

34 matches found

OSV
OSV
added 2023/10/16 8:15 p.m.4 views

CVE-2023-4798

The User Avatar WordPress plugin before 1.2.2 does not properly sanitize and escape certain of its shortcodes attributes, which could allow relatively low-privileged users like contributors to conduct Stored XSS attacks...

5.4CVSS7.3AI score0.00394EPSS
Exploits2References1
CNNVD
CNNVD
added 2023/10/16 12:0 a.m.5 views

WordPress plugin User Avatar cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...

5.4CVSS6AI score0.00394EPSS
Exploits2References2
OSV
OSV
added 2022/05/24 4:52 p.m.47 views

GHSA-MG72-H5GJ-8GG7 Missing permission check in Jenkins Avatar Plugin

A missing permission check in Jenkins Avatar Plugin 1.2 and earlier allows attackers with Overall/Read access to change the avatar of any user of Jenkins...

4.3CVSS4.4AI score0.00693EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2022/05/24 4:52 p.m.23 views

Missing permission check in Jenkins Avatar Plugin

A missing permission check in Jenkins Avatar Plugin 1.2 and earlier allows attackers with Overall/Read access to change the avatar of any user of Jenkins...

4.3CVSS6.6AI score0.00693EPSS
Exploits0References4Affected Software1
vulnersOsv
vulnersOsv
added 2022/04/23 12:40 a.m.7 views

com.buildcoin.plugins.jenkins:buildcoin-plugin (>=1.0 <=1.4), com.coravy.hudson.plugins.github:github (>=1.1 <=1.8) +99 more potentially affected by CVE-2012-0785 via org.jenkins-ci.main:jenkins-core (>=1.425 <=1.446)

org.jenkins-ci.main:jenkins-core MAVEN version =1.425, =1.0, =1.1, =0.3.2, =1.1, =1.0, =0.1, =1.1, =1.1, =0.2.5, =1.425, =1.425, =1.425, =1.425, =1.446 and more Source cves: CVE-2012-0785 Source advisory: OSV:GHSA-PCHP-C5W8-47GC...

7.8CVSS7.2AI score0.03351EPSS
Exploits0
Prion
Prion
added 2021/10/18 2:15 p.m.12 views

Cross site request forgery (csrf)

The One User Avatar WordPress plugin before 2.3.7 does not check for CSRF when updating the Avatar in page where the avatarupload shortcode is embed. As a result, attackers could make logged in user change their avatar via a CSRF attack...

4.3CVSS6.4AI score0.00553EPSS
Exploits2References1Affected Software1
CNNVD
CNNVD
added 2021/10/18 12:0 a.m.4 views

WordPress 插件跨站脚本漏洞

WordPress is the Wordpress Foundation's suite of blogging platforms developed using the PHP language. The platform supports personal blogging sites on PHP and MySQL servers. WordPress One User Avatar plugin in versions prior to 2.3.7 has a cross-site scripting vulnerability that stems from a lack...

5.4CVSS5.6AI score0.00629EPSS
Exploits2References2
CNVD
CNVD
added 2019/08/15 12:0 a.m.10 views

CloudBees Jenkins Avatar Plugin Authorization Issue Vulnerability

CloudBees Jenkins Hudson Labs is the United States CloudBees company's set of Java-based development of continuous integration tools . An authorization issue vulnerability exists in CloudBees Jenkins Avatar Plugin. An attacker can exploit this vulnerability to perform modification operations on...

4.3CVSS6.9AI score0.00693EPSS
Exploits0References1
NVD
NVD
added 2019/08/07 3:15 p.m.21 views

CVE-2019-10377

A missing permission check in Jenkins Avatar Plugin 1.2 and earlier allows attackers with Overall/Read access to change the avatar of any user of Jenkins...

4.3CVSS4.5AI score0.00693EPSS
Exploits0References2
OSV
OSV
added 2019/08/07 3:15 p.m.13 views

CVE-2019-10377

A missing permission check in Jenkins Avatar Plugin 1.2 and earlier allows attackers with Overall/Read access to change the avatar of any user of Jenkins...

4.3CVSS6.6AI score
Exploits0References2
Prion
Prion
added 2019/08/07 3:15 p.m.18 views

Information disclosure

A missing permission check in Jenkins Avatar Plugin 1.2 and earlier allows attackers with Overall/Read access to change the avatar of any user of Jenkins...

4CVSS4.6AI score0.00693EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2019/08/07 2:20 p.m.25 views

CVE-2019-10377

A missing permission check in Jenkins Avatar Plugin 1.2 and earlier allows attackers with Overall/Read access to change the avatar of any user of Jenkins...

4.5AI score0.00693EPSS
Exploits0References2
CVE
CVE
added 2019/08/07 2:20 p.m.63 views

CVE-2019-10377

CVE-2019-10377 affects Jenkins Avatar Plugin versions 1.2 and earlier. The root cause is a missing permission check, which allows attackers with Overall/Read access to change the avatar of any Jenkins user. The consequence is unauthorized modification of user avatars, under the stated access leve...

4.3CVSS4.4AI score0.00693EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2019/08/07 12:0 a.m.5 views

PT-2019-11773 · Jenkins · Jenkins Avatar Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Avatar Plugin versions 1.2 and earlier Description: A missing permission check in the plugin allows attackers with Overall/Read access to change the avatar of any user of Jenkins. Recommendations: For Jenkins Avatar Plugin versions 1....

4.3CVSS4.3AI score0.00693EPSS
Exploits0References5
Rows per page
Query Builder