3 matches found
CVE-2024-45257
A Command Injection issue in the payload build page in BYOB Build Your Own Botnet 2.0 allows attackers to execute arbitrary commands on the server via a crafted build parameter. This occurs in freeze in core/generators.py...
Cross-site Scripting (XSS)
Jenkins Applitools Eyes Plugin is vulnerable to Cross-site Scripting XSS. The vulnerability is due to the plugin not escaping the Applitools URL on the build page, where attackers with Item/Configure permission can exploit it to inject malicious scripts...
CVE-2025-54800
CVE-2025-54800 describes a persistent XSS in Hydra (Nix-based CI) where a malicious package could inject arbitrary JavaScript into Hydra’s database, which then gets evaluated in a client’s browser when visiting the build page. The issue is stated as fixed by commit dea1e16; workarounds include no...