35 matches found

Vulnrichment
added 2026/05/20 7:34 p.m. · 6 views

CVE-2026-39405 Frappe has Path Transversal via SCORM

Frappe Learning Management System (LMS) is a learning system that helps users structure their content. In versions 2.50.0 and below, a user with the course editing role could upload a SCORM ZIP package to write files outside the intended directory. This issue has been resolved in version 2.50.1...

CVSS 9.4 · AI score 5.7 · EPSS 0.00052
Exploits: 0 · References: 2

EUVD
added 2025/10/03 8:07 p.m. · 1 view

EUVD-2022-4454

Malicious code in bioql PyPI...

CVSS 6.5 · AI score 6.5 · EPSS 0.00048
Exploits: 0 · References: 5

OSSF Malicious Packages
added 2023/06/06 6:45 a.m. · 1 view

Malicious code in fc-content (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f572d0c49001777d7ebfe2df3171692e6f0cc1814541312cfb9b2adbbb0c6335 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 6.9
Exploits: 0 · References: 1

OSV
added 2022/06/24 12:00 a.m. · 23 views

GHSA-HC44-P2QQ-CFM9 Cross-site Scripting in Jenkins CRX Content Package Deployer Plugin

Jenkins CRX Content Package Deployer Plugin 1.9 and earlier does not escape the name and description of CRX Content Package Choice parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission...

CVSS 8 · AI score 5.8 · EPSS 0.16751
Exploits: 0 · References: 3

Github Security Blog
added 2022/06/24 12:00 a.m. · 21 views

Cross-site Scripting in Jenkins CRX Content Package Deployer Plugin

Jenkins CRX Content Package Deployer Plugin 1.9 and earlier does not escape the name and description of CRX Content Package Choice parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission...

CVSS 5.4 · AI score 5.7 · EPSS 0.16751
Exploits: 0 · References: 3 · Affected Software: 1

CNVD
added 2022/06/24 12:00 a.m. · 22 views

Jenkins CRX Content Package Deployer Plugin Cross-Site Scripting Vulnerability

Jenkins and Jenkins Plugin are both Jenkins open source products. Jenkins is an application. Jenkins Plugin is an application that provides hundreds of plug-ins to support building, deploying, and automating any project. A cross-site scripting vulnerability exists in Jenkins CRX Content Package...

CVSS 3.5 · AI score 2.1 · EPSS 0.16751
Exploits: 0 · Affected Software: 1

ATTACKERKB
added 2022/06/23 5:15 p.m. · 4 views

CVE-2022-34184

Jenkins CRX Content Package Deployer Plugin 1.9 and earlier does not escape the name and description of CRX Content Package Choice parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission...

CVSS 5.4 · AI score 6.2 · EPSS 0.16751
Exploits: 0 · References: 2

NVD
added 2022/06/23 5:15 p.m. · 11 views

CVE-2022-34184

Jenkins CRX Content Package Deployer Plugin 1.9 and earlier does not escape the name and description of CRX Content Package Choice parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission...

CVSS 5.4 · EPSS 0.16751
Exploits: 0 · References: 1

Prion
added 2022/06/23 5:15 p.m. · 14 views

Cross site scripting

Jenkins CRX Content Package Deployer Plugin 1.9 and earlier does not escape the name and description of CRX Content Package Choice parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission...

CVSS 3.5 · AI score 5.2 · EPSS 0.16751
Exploits: 0 · References: 1 · Affected Software: 1

CVE
added 2022/06/22 2:41 p.m. · 98 views

CVE-2022-34184

CVE-2022-34184 affects Jenkins CRX Content Package Deployer Plugin 1.9 and earlier. The issue is that the name and description of CRX Content Package Choice parameters are not escaped on parameter views, causing stored XSS exploitable by attackers with Item/Configure permission. Connected sources...

CVSS 5.4 · AI score 5.2 · EPSS 0.16751
Exploits: 0 · References: 1 · Affected Software: 1

Cvelist
added 2022/06/22 2:41 p.m. · 18 views

CVE-2022-34184

Jenkins CRX Content Package Deployer Plugin 1.9 and earlier does not escape the name and description of CRX Content Package Choice parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission...

AI score 6.8 · EPSS 0.16751
Exploits: 0 · References: 1

CNNVD
added 2022/06/22 12:00 a.m. · 2 views

Jenkins Plugin CRX Content Package Deployer Cross-Site Scripting Vulnerability

Jenkins and Jenkins Plugin are both Jenkins open source products. Jenkins is an application. Jenkins Plugin is an application that provides hundreds of plug-ins to support building, deploying, and automating any project. A cross-site scripting vulnerability exists in Jenkins CRX Content Package...

CVSS 5.4 · AI score 6.2 · EPSS 0.16751
Exploits: 0 · References: 4

Positive Technologies
added 2022/06/22 12:00 a.m. · 3 views

PT-2022-22052 · Jenkins · Jenkins +1

Name of the Vulnerable Software and Affected Versions: Jenkins CRX Content Package Deployer Plugin versions 1.9 and earlier. Description: The issue is a stored cross-site scripting (XSS) vulnerability that occurs because the plugin does not escape the name and description of CRX Content Package Choi...

CVSS 8 · AI score 5.8 · EPSS 0.16751
Exploits: 0 · References: 8

Github Security Blog
added 2022/05/24 4:58 p.m. · 24 views

Jenkins CRX Content Package Deployer Plugin subject to credentials enumeration via Missing Authorization

A missing permission check in Jenkins CRX Content Package Deployer Plugin prior to version 1.9 in various 'doFillCredentialsIdItems' methods allowed users with Overall/Read access to enumerate credentials IDs of credentials stored in Jenkins. This issue is patched in version 1.9...

CVSS 4.3 · AI score 4.2 · EPSS 0.00031
Exploits: 0 · References: 4 · Affected Software: 1

OSV
added 2022/05/24 4:58 p.m. · 21 views

GHSA-JWW4-2793-9GMG Jenkins CRX Content Package Deployer Plugin subject to Missing Authorization

A missing permission check in Jenkins CRX Content Package Deployer Plugin prior to version 1.9 allowed attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

CVSS 6.5 · AI score 6.2 · EPSS 0.00048
Exploits: 0 · References: 4

Github Security Blog
added 2022/05/24 4:58 p.m. · 17 views

Jenkins CRX Content Package Deployer Plugin subject to Cross-Site Request Forgery

A cross-site request forgery vulnerability in Jenkins CRX Content Package Deployer Plugin prior to 1.9 allowed attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. This issue is patched...

CVSS 8.8 · AI score 3.9 · EPSS 0.00093
Exploits: 0 · References: 4 · Affected Software: 1

Github Security Blog
added 2022/05/24 4:58 p.m. · 20 views

Jenkins CRX Content Package Deployer Plugin subject to Missing Authorization

A missing permission check in Jenkins CRX Content Package Deployer Plugin prior to version 1.9 allowed attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

CVSS 6.5 · AI score 4.1 · EPSS 0.00048
Exploits: 0 · References: 4 · Affected Software: 1

CNVD
added 2019/10/23 12:00 a.m. · 2 views

Unspecified Vulnerability in CloudBees Jenkins CRX Content Package Deployer Plugin (CNVD-2019-42835)

CloudBees Jenkins Hudson Labs is a set of Java-based continuous integration tools developed by the US company CloudBees. The product is mainly used to monitor continuous software release/testing projects and some timed tasks. CRX Content Package Deployer Plugin is used in...

CVSS 4.3 · AI score 7 · EPSS 0.00031
Exploits: 0 · References: 1

CNVD
added 2019/10/23 12:00 a.m. · 1 view

Unspecified Vulnerability in CloudBees Jenkins CRX Content Package Deployer Plugin

CloudBees Jenkins Hudson Labs is a set of Java-based continuous integration tools developed by the US company CloudBees. The product is mainly used to monitor continuous software release/testing projects and some timed tasks. CRX Content Package Deployer Plugin is used in...

CVSS 6.5 · AI score 7 · EPSS 0.00048
Exploits: 0 · References: 1

CNVD
added 2019/10/23 12:00 a.m. · 1 view

CloudBees Jenkins CRX Content Package Deployer Plugin Cross-Site Request Forgery Vulnerability

CloudBees Jenkins Hudson Labs is a set of Java-based continuous integration tools developed by the US company CloudBees. The product is mainly used to monitor continuous software release/testing projects and some timed tasks. CRX Content Package Deployer Plugin is used in...

CVSS 8.8 · AI score 6.9 · EPSS 0.00093
Exploits: 0 · References: 1