205 matches found
CVE-2023-6012 Incorrect input data validation in Lanaccess ONSAFE MonitorHM Web Console
An improper input validation vulnerability has been found in Lanaccess ONSAFE MonitorHM affecting version 3.7.0. This vulnerability could lead a remote attacker to exploit the checkbox element and perform remote code execution, compromising the entire infrastructure...
November 7, 2023, update for Project 2016 (KB5002502)
November 7, 2023, update for Project 2016 KB5002502 This article describes update 5002502 for Microsoft Project 2016 that was released on November 7, 2023.Be aware that the update in the Microsoft Download Center applies to the Microsoft Installer .msi-based edition of Office 2016. It doesn't app...
Malicious code in usaa-checkbox (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware afe64eeba91a65d635e6c3f7e03290fbdc9358315362742b8e25f65ce9dc1166 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2023-1527 Malicious code in usaa-checkbox (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware afe64eeba91a65d635e6c3f7e03290fbdc9358315362742b8e25f65ce9dc1166 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
WordPress Checkbox Plugin <= 0.8.3 is vulnerable to Cross Site Scripting (XSS)
Software Checkbox Type Plugin Vulnerable versions = 0.8.3 Fixed in 0.8.5 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority High CVSS severity High 7.1 Developer Claim ownership PSID 36822a9c98e8 Credits Rafie Muhammad Patchstack Required privileg...
The vulnerability of the CheckboxWeb.dll library in the Checkbox Survey software for online surveys and data collection allows a perpetrator to execute arbitrary code.
The vulnerability of the CheckboxWeb.dll library in online survey and data collection software like Checkbox Survey lies in the possibility of unreliable data being restored to memory. Exploiting this vulnerability could allow a remote attacker to execute arbitrary code...
Malicious Package
Overview jqueryuicheckbox is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this package...
CVE-2021-4252 WP-Ban ban-options.php toggle_checkbox cross site scripting
A vulnerability, which was classified as problematic, has been found in WP-Ban. This issue affects the function togglecheckbox of the file ban-options.php. The manipulation of the argument $SERVER"HTTPUSERAGENT" leads to cross site scripting. The attack may be initiated remotely. The name of the...
WP-Ban 安全漏洞
WP-Ban is a blog by Lester Chan, an individual developer, that bans users from accessing WordPress via IP, IP range, hostname, user agent, and referring url. A security vulnerability exists in WP-Ban, which stems from the manipulation of a parameter in the togglecheckbox function of its...
Malicious code in jquery_ui_checkbox (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 7ec7cbc825e540dca6a67d1370e8c9d0cd6d3d116fce5c6fdc5f33f0a66aa780 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Stored XSS vulnerability in Jenkins Custom Checkbox Parameter Plugin
Custom Checkbox Parameter Plugin 1.4 and earlier does not escape the name and description of the parameter types it provides. This results in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission. Exploitation of this vulnerability requires that...
CVE-2022-43425
Jenkins Custom Checkbox Parameter Plugin 1.4 and earlier does not escape the name and description of Custom Checkbox Parameter parameters on views displaying parameters, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission...
CVE-2022-43425
Jenkins Custom Checkbox Parameter Plugin 1.4 and earlier does not escape the name and description of Custom Checkbox Parameter parameters on views displaying parameters, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission...
Cross site scripting
Jenkins Custom Checkbox Parameter Plugin 1.4 and earlier does not escape the name and description of Custom Checkbox Parameter parameters on views displaying parameters, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission...
CVE-2022-43425
Jenkins Custom Checkbox Parameter Plugin 1.4 and earlier does not escape the name and description of Custom Checkbox Parameter parameters on views displaying parameters, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission...
PT-2022-26909 · Jenkins · Jenkins +1
Name of the Vulnerable Software and Affected Versions: Jenkins Custom Checkbox Parameter Plugin versions 1.4 and earlier Description: The issue results in a stored cross-site scripting XSS vulnerability, which can be exploited by attackers with Item/Configure permission. This occurs because the...
Jenkins Custom Checkbox Parameter Plugin 跨站脚本漏洞
Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. A cross-site scripting...
CVE-2022-43425
CVE-2022-43425 affects Jenkins Custom Checkbox Parameter Plugin (versions ≤ 1.4). The issue is a stored XSS caused by not escaping the name/description of Custom Checkbox Parameter parameters on parameter-listing views, exploitable by users with Item/Configure permission. Exploitation requires pa...
Nextcloud: Secure view trivial to bypass
The secure view feature in Nextcloud was vulnerable to bypassing, allowing users to download files without watermarks. This was possible by using the richdocuments app and adding "/contents" to the URL. The checkbox indicating that downloading is not allowed was misleading, and a solution could b...
CVE-2022-31160
A flaw was found in the jquery-UI package. Affected versions of this package are vulnerable to Cross-site scripting XSS attack via the initialization of a check-box-radio widget on an input tag enclosed within a label, leading to the parent label contents being considered as the input label...