38 matches found
org.jenkins-ci.plugins:dependency-check-jenkins-plugin (>=3.3.4 <=4.0.2) potentially affected by CVE-2021-21633 via org.jenkins-ci.plugins:dependency-track (=1.1.1)
org.jenkins-ci.plugins:dependency-track MAVEN version =1.1.1 is affected by a known vulnerability. The following packages have a transitive dependency on org.jenkins-ci.plugins:dependency-track and may be impacted: - org.jenkins-ci.plugins:dependency-check-jenkins-plugin =3.3.4, =4.0.2 Source cve...
Persistent XSS vulnerability in Jenkins OWASP Dependency-Check Plugin
The custom Details view of the Static Analysis Utilities based OWASP Dependency-Check Plugin, was vulnerable to a persisted cross-site scripting vulnerability: Malicious users able to influence the input to this plugin could insert arbitrary HTML into this view...
GHSA-65CQ-WHR4-7C2V Persistent XSS vulnerability in Jenkins OWASP Dependency-Check Plugin
The custom Details view of the Static Analysis Utilities based OWASP Dependency-Check Plugin, was vulnerable to a persisted cross-site scripting vulnerability: Malicious users able to influence the input to this plugin could insert arbitrary HTML into this view...
CVE-2021-24926
The Domain Check WordPress plugin before 1.0.17 does not sanitise and escape the domain parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting issue...
CVE-2021-43577
Jenkins OWASP Dependency-Check Plugin 5.1.1 and earlier does not configure its XML parser to prevent XML external entity XXE attacks...
CVE-2021-43577
Summary: Jenkins OWASP Dependency-Check Plugin (version 5.1.1 and earlier) suffers an XXE flaw because its XML parser is not configured to block external entities. Impact (as described): a crafted XML file could cause Jenkins to parse external entities, enabling potential exposure of secrets and,...
VulnCheck KEV: CVE-2019-15949
Nagios XI contains a remote code execution vulnerability in which a user can modify the checkplugin executable and insert malicious commands to execute as root...
VMware vCenter Server Virtual SAN Health Check Remote Code Execution Exploit
This Metasploit module exploits Java unsafe reflection and SSRF in the VMware vCenter Server Virtual SAN Health Check plugin's ProxygenController class to execute code as the vsphere-ui user. See the vendor advisory for affected and patched versions. Tested against VMware vCenter Server 6.7 Updat...
WordPress wp-spell-check Cross-Site Request Forgery Vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. wp-spell-check is a spell-checking plugin used in it. A cross-site request forgery vulnerability exists in WordPress wp-spell-check...
CVE-2019-15949
Nagios XI before 5.6.6 allows remote command execution as root. The exploit requires access to the server as the nagios user, or access as the admin user via the web interface. The getprofile.sh script, invoked by downloading a system profile profile.php?cmd=download, is executed as root via a...
CVE-2019-15949
Nagios XI before 5.6.6 allows remote command execution as root. The exploit requires access to the server as the nagios user, or access as the admin user via the web interface. The getprofile.sh script, invoked by downloading a system profile profile.php?cmd=download, is executed as root via a...
PT-2019-6111 · Nagios · Nagios Xi
Name of the Vulnerable Software and Affected Versions: Nagios XI versions prior to 5.6.6 Description: The issue allows remote command execution as root. It requires access to the server as the nagios user or access as the admin user via the web interface. The getprofile.sh script is executed as...
CVE-2017-1000109
The custom Details view of the Static Analysis Utilities based OWASP Dependency-Check Plugin, was vulnerable to a persisted cross-site scripting vulnerability: Malicious users able to influence the input to this plugin could insert arbitrary HTML into this view...
Cross site scripting
The custom Details view of the Static Analysis Utilities based OWASP Dependency-Check Plugin, was vulnerable to a persisted cross-site scripting vulnerability: Malicious users able to influence the input to this plugin could insert arbitrary HTML into this view...
CVE-2017-1000109
CVE-2017-1000109 is confirmed in connected sources as a persisted XSS vulnerability in the Jenkins OWASP Dependency-Check Plugin, specifically in the custom Details view where input could inject arbitrary HTML. Multiple entries corroborate the issue and its association with the Dependency-Check J...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in Opsview 4.6.2 and earlier allow remote attackers to inject arbitrary web script or HTML via a 1 crafted check plugin, the 2 description in a host profile, or the 3 pluginargs parameter to a Test service check page...
CVE-2015-4420
Multiple cross-site scripting XSS vulnerabilities in Opsview 4.6.2 and earlier allow remote attackers to inject arbitrary web script or HTML via a 1 crafted check plugin, the 2 description in a host profile, or the 3 pluginargs parameter to a Test service check page...
CVE-2015-4420
Opsview CVE-2015-4420 affects Opsview 4.6.2 and earlier, with multiple XSS flaws exploitable via (1) crafted check plugins, (2) description text in a host profile, or (3) the plugin_args parameter on a Test service check page. The issue enables remote injection of arbitrary script/HTML and is doc...