Lucene search
K

38 matches found

vulnersOsv
vulnersOsv
added 2022/05/24 5:45 p.m.6 views

org.jenkins-ci.plugins:dependency-check-jenkins-plugin (>=3.3.4 <=4.0.2) potentially affected by CVE-2021-21633 via org.jenkins-ci.plugins:dependency-track (=1.1.1)

org.jenkins-ci.plugins:dependency-track MAVEN version =1.1.1 is affected by a known vulnerability. The following packages have a transitive dependency on org.jenkins-ci.plugins:dependency-track and may be impacted: - org.jenkins-ci.plugins:dependency-check-jenkins-plugin =3.3.4, =4.0.2 Source cve...

8.8CVSS7.2AI score0.0077EPSS
Exploits0
Github Security Blog
Github Security Blog
added 2022/05/17 12:32 a.m.23 views

Persistent XSS vulnerability in Jenkins OWASP Dependency-Check Plugin

The custom Details view of the Static Analysis Utilities based OWASP Dependency-Check Plugin, was vulnerable to a persisted cross-site scripting vulnerability: Malicious users able to influence the input to this plugin could insert arbitrary HTML into this view...

6.1CVSS6.1AI score0.00948EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2022/05/17 12:32 a.m.19 views

GHSA-65CQ-WHR4-7C2V Persistent XSS vulnerability in Jenkins OWASP Dependency-Check Plugin

The custom Details view of the Static Analysis Utilities based OWASP Dependency-Check Plugin, was vulnerable to a persisted cross-site scripting vulnerability: Malicious users able to influence the input to this plugin could insert arbitrary HTML into this view...

6.1CVSS5.9AI score0.00948EPSS
Exploits0References3
OSV
OSV
added 2022/02/01 1:15 p.m.5 views

CVE-2021-24926

The Domain Check WordPress plugin before 1.0.17 does not sanitise and escape the domain parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting issue...

6.1CVSS6.4AI score0.12857EPSS
Exploits5References1
NVD
NVD
added 2021/11/12 11:15 a.m.22 views

CVE-2021-43577

Jenkins OWASP Dependency-Check Plugin 5.1.1 and earlier does not configure its XML parser to prevent XML external entity XXE attacks...

7.1CVSS0.00979EPSS
Exploits0References2
CVE
CVE
added 2021/11/12 10:35 a.m.78 views

CVE-2021-43577

Summary: Jenkins OWASP Dependency-Check Plugin (version 5.1.1 and earlier) suffers an XXE flaw because its XML parser is not configured to block external entities. Impact (as described): a crafted XML file could cause Jenkins to parse external entities, enabling potential exposure of secrets and,...

7.1CVSS6.8AI score0.00979EPSS
Exploits0References2Affected Software1
VulnCheck KEV
VulnCheck KEV
added 2021/11/03 12:0 a.m.4 views

VulnCheck KEV: CVE-2019-15949

Nagios XI contains a remote code execution vulnerability in which a user can modify the checkplugin executable and insert malicious commands to execute as root...

9CVSS7.9AI score0.77741EPSS
Exploits13References1
0day.today
0day.today
added 2021/07/16 12:0 a.m.619 views

VMware vCenter Server Virtual SAN Health Check Remote Code Execution Exploit

This Metasploit module exploits Java unsafe reflection and SSRF in the VMware vCenter Server Virtual SAN Health Check plugin's ProxygenController class to execute code as the vsphere-ui user. See the vendor advisory for affected and patched versions. Tested against VMware vCenter Server 6.7 Updat...

9.8CVSS0.7AI score0.99999EPSS
Exploits13
CNVD
CNVD
added 2019/11/26 12:0 a.m.3 views

WordPress wp-spell-check Cross-Site Request Forgery Vulnerability

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. wp-spell-check is a spell-checking plugin used in it. A cross-site request forgery vulnerability exists in WordPress wp-spell-check...

8.8CVSS6.7AI score0.00678EPSS
Exploits0References1
OSV
OSV
added 2019/09/05 5:15 p.m.3 views

CVE-2019-15949

Nagios XI before 5.6.6 allows remote command execution as root. The exploit requires access to the server as the nagios user, or access as the admin user via the web interface. The getprofile.sh script, invoked by downloading a system profile profile.php?cmd=download, is executed as root via a...

8.8CVSS7.5AI score0.77741EPSS
Exploits13References4
ATTACKERKB
ATTACKERKB
added 2019/09/05 12:0 a.m.64 views

CVE-2019-15949

Nagios XI before 5.6.6 allows remote command execution as root. The exploit requires access to the server as the nagios user, or access as the admin user via the web interface. The getprofile.sh script, invoked by downloading a system profile profile.php?cmd=download, is executed as root via a...

9CVSS8.8AI score0.77741EPSS
In wildExploits13References4
Positive Technologies
Positive Technologies
added 2019/07/29 12:0 a.m.4 views

PT-2019-6111 · Nagios · Nagios Xi

Name of the Vulnerable Software and Affected Versions: Nagios XI versions prior to 5.6.6 Description: The issue allows remote command execution as root. It requires access to the server as the nagios user or access as the admin user via the web interface. The getprofile.sh script is executed as...

9CVSS8.7AI score0.77741EPSS
Exploits13References12
NVD
NVD
added 2017/10/05 1:29 a.m.23 views

CVE-2017-1000109

The custom Details view of the Static Analysis Utilities based OWASP Dependency-Check Plugin, was vulnerable to a persisted cross-site scripting vulnerability: Malicious users able to influence the input to this plugin could insert arbitrary HTML into this view...

6.1CVSS5.9AI score0.00948EPSS
Exploits0References2
Prion
Prion
added 2017/10/05 1:29 a.m.12 views

Cross site scripting

The custom Details view of the Static Analysis Utilities based OWASP Dependency-Check Plugin, was vulnerable to a persisted cross-site scripting vulnerability: Malicious users able to influence the input to this plugin could insert arbitrary HTML into this view...

4.3CVSS5.9AI score0.00948EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2017/10/04 1:0 a.m.61 views

CVE-2017-1000109

CVE-2017-1000109 is confirmed in connected sources as a persisted XSS vulnerability in the Jenkins OWASP Dependency-Check Plugin, specifically in the custom Details view where input could inject arbitrary HTML. Multiple entries corroborate the issue and its association with the Dependency-Check J...

6.1CVSS5.8AI score0.00948EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2015/06/18 6:59 p.m.11 views

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in Opsview 4.6.2 and earlier allow remote attackers to inject arbitrary web script or HTML via a 1 crafted check plugin, the 2 description in a host profile, or the 3 pluginargs parameter to a Test service check page...

4.3CVSS6AI score0.01565EPSS
Exploits4References2Affected Software1
Cvelist
Cvelist
added 2015/06/18 6:0 p.m.27 views

CVE-2015-4420

Multiple cross-site scripting XSS vulnerabilities in Opsview 4.6.2 and earlier allow remote attackers to inject arbitrary web script or HTML via a 1 crafted check plugin, the 2 description in a host profile, or the 3 pluginargs parameter to a Test service check page...

5.7AI score0.01565EPSS
Exploits4References2
CVE
CVE
added 2015/06/18 6:0 p.m.55 views

CVE-2015-4420

Opsview CVE-2015-4420 affects Opsview 4.6.2 and earlier, with multiple XSS flaws exploitable via (1) crafted check plugins, (2) description text in a host profile, or (3) the plugin_args parameter on a Test service check page. The issue enables remote injection of arbitrary script/HTML and is doc...

4.3CVSS5.8AI score0.01565EPSS
Exploits4References2Affected Software1
Rows per page
Query Builder