2672 matches found
jenkins: Stored XSS vulnerability in button labels
A flaw was found in jenkins. A cross-site scripting (XSS) vulnerability, due to button labels not being properly escaped, can be exploited by an attacker who is able to control button labels. The highest threat from this vulnerability is to data confidentiality and integrity...
BlackCat CMS 1.3.6 - 'Display name' Cross Site Scripting (XSS)
Exploit Title: BlackCat CMS 1.3.6 - 'Display name' Cross Site Scripting (XSS) Date: 16-02-2021 Exploit Author: Kamaljeet Kumar - TATA Advanced Systems Limited Vendor Homepage: https://blackcat-cms.org/ Software Link: https://blackcat-cms.org/page/download.php Version: BlackCat CMS - 1.3.6 Tested on...
BlackCat CMS 1.3.6 - (Display name) XSS Vulnerability
Exploit Title: BlackCat CMS 1.3.6 - 'Display name' Cross Site Scripting (XSS) Exploit Author: Kamaljeet Kumar - TATA Advanced Systems Limited Vendor Homepage: https://blackcat-cms.org/ Software Link: https://blackcat-cms.org/page/download.php Version: BlackCat CMS - 1.3.6 Tested on: Windows Steps t...
WordPress Like Button Rating plugin <= 2.6.31 - Unauthenticated Server-Side Request Forgery (SSRF) vulnerability
Unauthenticated Server-Side Request Forgery (SSRF) vulnerability found by Lauritz Holme in WordPress Like Button Rating plugin versions <= 2.6.31. Solution: Update the WordPress Like Button Rating plugin to the latest available version, at least 2.6.32...
Design/Logic Flaw
MISP 2.4.136 has XSS via a crafted URL to the app/View/Elements/globalmenu.ctp user homepage favourite button...
CVE-2021-3184
MISP 2.4.136 has XSS via a crafted URL to the app/View/Elements/globalmenu.ctp user homepage favourite button...
Cross-Site Scripting (XSS)
Jenkins is vulnerable to cross-site scripting. The vulnerability existed because it does not escape button labels in the Jenkins UI...
CVE-2021-21608
Jenkins 2.274 and earlier, LTS 2.263.1 and earlier does not escape button labels in the Jenkins UI, resulting in a cross-site scripting (XSS) vulnerability exploitable by attackers with the ability to control button labels...
PT-2021-14646 · Jenkins · Jenkins
Name of the Vulnerable Software and Affected Versions: Jenkins versions 2.274 and earlier; Jenkins LTS versions 2.263.1 and earlier. Description: The issue results from the failure to escape notification bar response contents, leading to a cross-site scripting (XSS) vulnerability. This vulnerability...
PT-2021-14651 · Jenkins · Jenkins
Name of the Vulnerable Software and Affected Versions: Jenkins versions 2.274 and earlier; Jenkins LTS versions 2.263.1 and earlier. Description: The issue results from the failure to escape button labels in the Jenkins UI, leading to a cross-site scripting (XSS) vulnerability. This vulnerability can...
Combodo iTop code issue vulnerability
Combodo iTop is an open-source, ITIL-based web application developed by the French company Combodo for the daily operation of IT environments. The program provides incident management, configuration management and problem management functions. An information disclosure vulnerability exists in...
PT-2021-9738 · Comodo +1 · Combodo Itop +1
Name of the Vulnerable Software and Affected Versions: Combodo iTop versions prior to 2.7.2; Combodo iTop versions prior to 3.0.0. Description: The issue concerns the caching of admin pages in Combodo iTop, allowing their content to be visible after disconnection by using the browser back button...
Employee Performance Evaluation System 1.0 Cross Site Scripting
Exploit Title: Employee Performance Evaluation System 1.0 - 'Task and Description' Persistent Cross Site Scripting Date: 08/12/2020 Exploit Author: Ritesh Gohil Vendor Homepage: https://www.sourcecodester.com Software Link:...
Invision Community 4.5.4 - 'Field Name' Stored Cross-Site Scripting
Exploit Title: Invision Community 4.5.4 - 'Field Name' Stored Cross-Site Scripting Date: 02-12-2020 Exploit Author: Hemant Patidar HemantSolo Vendor Homepage: https://invisioncommunity.com/ Software Link: https://invisioncommunity.com/buy Version: 4.5.4 Tested on: Windows 10/Kali Linux CVE:...
SAP Lumira 1.31 Cross Site Scripting
Exploit Title: SAP Lumira 1.31 - Stored Cross-Site Scripting Date: 13.08.2020 Exploit Author: Ilca Lucian Florin Vendor Homepage: https://www.sap.com Software Link: SAP Lumira Version: 123 •...
Gophish denial of service vulnerability
Gophish is a powerful open source phishing framework. A denial of service vulnerability exists in the "Reset" button on the "Account Settings" page in Gophish versions prior to 0.11.0. This vulnerability can be exploited to cause a denial of service via a clickjacking attack...
CVE-2020-24711
The Reset button on the Account Settings page in Gophish before 0.11.0 allows attackers to cause a denial of service via a clickjacking attack...
CVE-2020-27607
In BigBlueButton before 2.2.28 or earlier, the client-side Mute button only signifies that the server should stop accepting audio data from the client. It does not directly configure the client to stop sending audio data to the server, and thus a modified server could store the audio data and/or...
Code injection
In BigBlueButton before 2.2.28 or earlier, the client-side Mute button only signifies that the server should stop accepting audio data from the client. It does not directly configure the client to stop sending audio data to the server, and thus a modified server could store the audio data and/or...