68 matches found
WordPress plugin Content Control Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A cross-site scripting vulnerability exists in the...
WordPress Content Control Plugin < 1.1.10 is vulnerable to Cross Site Scripting (XSS)
Software: Content Control; Type: Plugin; Vulnerable versions: 1.1.10; Fixed in: 1.1.10; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2022-4509; Patch priority: Medium; CVSS severity: Medium (6.3); Developer: Code Atlantic LLC; PSID: a16131ad7c93; Credits: István Márton...
Content Control < 1.1.10 - Contributor+ Stored XSS
The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks, which could be used against high-privilege users such as admins. PoC Explo...
Batched HTTP requests may set incorrect `cache-control` response header
Impact In Apollo Server 3 and 4, the cache-control HTTP response header may not reflect the cache policy that should apply to an HTTP request when that HTTP request contains multiple operations using HTTP batching. This could lead to data being inappropriately cached and shared. Apollo Server...
GHSA-9523-474X-5H36 Cross site scripting in Jenkins Mission Control Plugin
Jenkins Mission Control Plugin 0.9.16 and earlier does not escape job display names and build names shown on its view, resulting in a stored XSS vulnerability exploitable by attackers able to change these properties...
WordPress Core Control plugin <= 1.2.1 - Arbitrary Settings Update via Cross-Site Request Forgery (CSRF) vulnerability
An Arbitrary Settings Update via Cross-Site Request Forgery (CSRF) vulnerability was discovered by Daniel Ruf in the WordPress Core Control plugin versions <= 1.2.1. Solution: Deactivate and delete. This plugin has been closed as of May 18, 2022 and is not available for download. This closure is permane...
The vulnerability of the FMW Control Plugin sub-component of the Enterprise Manager for Fusion Middleware software platform allows a malicious individual to gain access to data, modify data, or cause a partial service disruption.
The vulnerability of the FMW Control Plugin component of the Enterprise Manager for Fusion Middleware software from Oracle exists due to insufficient validation of input data. Exploiting this vulnerability can allow an attacker to gain read access to data, modify data, or cause a partial service...
CVE-2021-2008
Vulnerability in the Enterprise Manager for Fusion Middleware product of Oracle Enterprise Manager (component: FMW Control Plugin). The supported versions that are affected are 11.1.1.9 and 12.2.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to...
Unspecified Vulnerability in Oracle Enterprise Manager for Fusion Middleware (CNVD-2021-30937)
Oracle Enterprise Manager for Fusion Middleware is Oracle's on-premise management platform for Fusion Middleware. A security vulnerability exists in the FMW Control Plugin component in Oracle Enterprise Manager for Fusion Middleware version 12.2.1.4. An attacker could exploit this vulnerability t...
Unspecified Vulnerability in Oracle Enterprise Manager for Fusion Middleware
Oracle Enterprise Manager for Fusion Middleware is Oracle's on-premise management platform for Fusion Middleware. A security vulnerability exists in the FMW Control Plugin component in Oracle Enterprise Manager for Fusion Middleware version 13.4.0.0. An attacker could exploit this vulnerability t...
Oracle Enterprise Manager for Fusion Middleware Security Vulnerability
Oracle Enterprise Manager for Fusion Middleware is Oracle's on-premise management platform for Fusion Middleware. A security vulnerability exists in the FMW Control Plugin component in Oracle Enterprise Manager for Fusion Middleware version 13.4.0.0. An attacker could exploit this vulnerability t...
CloudBees Jenkins Jabber Notifier and Control Plugin Cross-Site Request Forgery Vulnerability
CloudBees Jenkins Hudson Labs is a set of Java-based continuous integration tools developed by the United States company CloudBees. The product is mainly used to monitor continuous software release/testing projects and the execution of scheduled tasks. A cross-site request forgery...
CloudBees Jenkins Mission Control Plugin Cross-Site Scripting Vulnerability
CloudBees Jenkins Hudson Labs is a set of Java-based continuous integration tools developed by the United States company CloudBees. A cross-site scripting vulnerability exists in CloudBees Jenkins Mission Control Plugin version 0.9.16 and earlier. The vulnerability stems from the failure of a...
CVE-2019-16563
Jenkins Mission Control Plugin 0.9.16 and earlier does not escape job display names and build names shown on its view, resulting in a stored XSS vulnerability exploitable by attackers able to change these properties...
Cross site scripting
Jenkins Mission Control Plugin 0.9.16 and earlier does not escape job display names and build names shown on its view, resulting in a stored XSS vulnerability exploitable by attackers able to change these properties...
CVE-2019-16563
The CVE-2019-16563 entry concerns Jenkins Mission Control Plugin (versions 0.9.16 and earlier). The vulnerability is a stored XSS caused by the plugin not escaping job display names and build names displayed in its view, enabling an attacker who can modify these properties to inject script. Impac...
CVE-2019-15137
The Access Control plugin in eProsima Fast RTPS through 1.9.0 allows fnmatch pattern matches with topic name strings instead of the permission expressions themselves, which can lead to unintended connections between participants in a Data Distribution Service (DDS) network...