11 matches found

NVD
added 2026/02/01 1:15 p.m. · 8 views

CVE-2022-50797

Stripe Green Downloads Wordpress Plugin 2.03 contains a persistent cross-site scripting vulnerability allowing remote attackers to inject malicious scripts in button label fields. Attackers can exploit input parameters to execute arbitrary scripts, potentially leading to session hijacking and...

CVSS 6.4 · EPSS 0.00391
Exploits: 0 · References: 3
Cvelist
added 2026/02/01 12:15 p.m. · 35 views

CVE-2022-50797 Stripe Green Downloads Wordpress Plugin 2.03 Persistent XSS via Settings

Stripe Green Downloads Wordpress Plugin 2.03 contains a persistent cross-site scripting vulnerability allowing remote attackers to inject malicious scripts in button label fields. Attackers can exploit input parameters to execute arbitrary scripts, potentially leading to session hijacking and...

CVSS 6.4 · EPSS 0.00391
Exploits: 0 · References: 3
Vulnrichment
added 2025/10/17 8:29 p.m. · 4 views

CVE-2025-62508 Citizen vulnerable to stored XSS in sticky header button messages

Citizen is a MediaWiki skin that makes extensions part of the cohesive experience. Citizen versions 3.3.0 to 3.9.0 are vulnerable to stored cross-site scripting in the sticky header button message handling. In stickyHeader.js the copyButtonAttributes function assigns innerHTML from a source element’s...

CVSS 6.5 · AI score 6.2 · EPSS 0.00409
Exploits: 0 · References: 3
EUVD
added 2025/10/03 8:7 p.m. · 2 views

EUVD-2022-5639

Malicious code in bioql PyPI...

CVSS 5.4 · AI score 5.4 · EPSS 0.01029
Exploits: 0 · References: 8
OSV
added 2022/05/24 5:39 p.m. · 0 views

GHSA-WV63-GWR9-5C55 Stored XSS vulnerability in Jenkins button labels

Jenkins 2.274 and earlier, LTS 2.263.1 and earlier does not escape button labels in the Jenkins UI. This results in a cross-site scripting vulnerability exploitable by attackers with the ability to control button labels. An example of buttons with a user-controlled label are the buttons of the...

CVSS 5.4 · AI score 5.8 · EPSS 0.01029
Exploits: 0 · References: 4
RedHat Linux
added 2021/03/03 12:28 p.m. · 3 views

jenkins: Stored XSS vulnerability in button labels

A flaw was found in Jenkins. A cross-site scripting (XSS) vulnerability, due to the button labels not being properly escaped, can allow an attacker to control button labels. The highest threat from this vulnerability is to data confidentiality and integrity...

CVSS 5.4 · AI score 5.6 · EPSS 0.01029
Exploits: 0 · References: 4
RedHat Linux
added 2021/03/03 4:19 a.m. · 2 views

jenkins: Stored XSS vulnerability in button labels

A flaw was found in Jenkins. A cross-site scripting (XSS) vulnerability, due to the button labels not being properly escaped, can allow an attacker to control button labels. The highest threat from this vulnerability is to data confidentiality and integrity...

CVSS 5.4 · AI score 5.6 · EPSS 0.01029
Exploits: 0 · References: 4
RedHat Linux
added 2021/02/17 7:6 p.m. · 3 views

jenkins: Stored XSS vulnerability in button labels

A flaw was found in Jenkins. A cross-site scripting (XSS) vulnerability, due to the button labels not being properly escaped, can allow an attacker to control button labels. The highest threat from this vulnerability is to data confidentiality and integrity...

CVSS 5.4 · AI score 5.6 · EPSS 0.01029
Exploits: 0 · References: 4
Veracode
added 2021/01/14 4:24 p.m. · 7 views

Cross-Site Scripting (XSS)

Jenkins is vulnerable to cross-site scripting. The vulnerability existed because it does not escape button labels in the Jenkins UI...

CVSS 5.4 · AI score 6.1 · EPSS 0.01029
Exploits: 0 · References: 2 · Affected Software: 1
OSV
added 2021/01/13 4:15 p.m. · 17 views

CVE-2021-21608

Jenkins 2.274 and earlier, LTS 2.263.1 and earlier does not escape button labels in the Jenkins UI, resulting in a cross-site scripting (XSS) vulnerability exploitable by attackers with the ability to control button labels...

CVSS 5.4 · AI score 5.4
Exploits: 0 · References: 1
Positive Technologies
added 2021/01/13 12:0 a.m. · 3 views

PT-2021-14651 · Jenkins · Jenkins

Name of the Vulnerable Software and Affected Versions:
Jenkins versions 2.274 and earlier
Jenkins LTS versions 2.263.1 and earlier
Description: The issue results from the failure to escape button labels in the Jenkins UI, leading to a cross-site scripting (XSS) vulnerability. This vulnerability can...

CVSS 5.4 · AI score 5.1 · EPSS 0.01029
Exploits: 0 · References: 11