20 matches found
EUVD-2024-55569
A Command Injection issue in the payload build page in BYOB Build Your Own Botnet 2.0 allows attackers to execute arbitrary commands on the server via a crafted build parameter. This occurs in freeze in core/generators.py...
CVE-2024-45257
A Command Injection issue in the payload build page in BYOB Build Your Own Botnet 2.0 allows attackers to execute arbitrary commands on the server via a crafted build parameter. This occurs in freeze in core/generators.py...
CVE-2024-45257
A Command Injection issue in the payload build page in BYOB Build Your Own Botnet 2.0 allows attackers to execute arbitrary commands on the server via a crafted build parameter. This occurs in freeze in core/generators.py...
CVE-2024-45257
A Command Injection issue in the payload build page in BYOB Build Your Own Botnet 2.0 allows attackers to execute arbitrary commands on the server via a crafted build parameter. This occurs in freeze in core/generators.py...
CVE-2024-45257
A Command Injection issue in the payload build page in BYOB Build Your Own Botnet 2.0 allows attackers to execute arbitrary commands on the server via a crafted build parameter. This occurs in freeze in core/generators.py...
Cross-site Scripting (XSS)
Jenkins Applitools Eyes Plugin is vulnerable to Cross-site Scripting XSS. The vulnerability is due to the plugin not escaping the Applitools URL on the build page, where attackers with Item/Configure permission can exploit it to inject malicious scripts...
EUVD-2023-2784
Malicious code in bioql PyPI...
EUVD-2025-24268
Malicious code in bioql PyPI...
CVE-2025-54800
Hydra is a continuous integration service for Nix based projects. Prior to commit dea1e16, a malicious package can introduce arbitrary JavaScript code into the Hydra database that is automatically evaluated in a client's browser when anyone visits the build page. This could be done by a third-par...
CVE-2025-54800 Hydra persistent XSS in build metrics
Hydra is a continuous integration service for Nix based projects. Prior to commit dea1e16, a malicious package can introduce arbitrary JavaScript code into the Hydra database that is automatically evaluated in a client's browser when anyone visits the build page. This could be done by a third-par...
CVE-2025-54800
CVE-2025-54800 describes a persistent XSS in Hydra (Nix-based CI) where a malicious package could inject arbitrary JavaScript into Hydra’s database, which then gets evaluated in a client’s browser when visiting the build page. The issue is stated as fixed by commit dea1e16; workarounds include no...
CVE-2025-54800 Hydra persistent XSS in build metrics
Hydra is a continuous integration service for Nix based projects. Prior to commit dea1e16, a malicious package can introduce arbitrary JavaScript code into the Hydra database that is automatically evaluated in a client's browser when anyone visits the build page. This could be done by a third-par...
CVE-2025-54800 Hydra persistent XSS in build metrics
Hydra is a continuous integration service for Nix based projects. Prior to commit dea1e16, a malicious package can introduce arbitrary JavaScript code into the Hydra database that is automatically evaluated in a client's browser when anyone visits the build page. This could be done by a third-par...
Cross-site Scripting (XSS)
Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the Applitools URL field on the build page. An attacker can execute arbitrary JavaScript code in the context of other users by injecting malicious input into this field. This is only exploitable if the...
Jenkins Applitools Eyes Plugin vulnerable to XSS through its Build page
Jenkins Applitools Eyes Plugin 1.16.5 and earlier does not escape the Applitools URL on the build page. This results in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission. Applitools Eyes Plugin 1.16.6 rejects Applitools URLs that contain HTML...
CVE-2023-46659
Jenkins Edgewall Trac Plugin 1.13 and earlier does not escape the Trac website URL on the build page, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission...
Jenkins Plugin Edgewall Trac Cross-Site Scripting Vulnerability
Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. A security vulnerability...
Jenkins Plugin GitHub Cross-Site Scripting Vulnerability
Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. A security vulnerability...
Stored XSS vulnerability in Jenkins Deployer Framework Plugin
Deployer Framework Plugin is a framework plugin allowing other plugins to provide a way to deploy artifacts. Deployer Framework Plugin 1.2 and earlier does not escape the URL displayed in the build home page. This results in a stored cross-site scripting XSS vulnerability exploitable by users abl...
CVE-2020-2227
Jenkins Deployer Framework Plugin 1.2 and earlier does not escape the URL displayed in the build home page, resulting in a stored cross-site scripting vulnerability...