15 matches found

NVD
added 2025/10/23 11:15 a.m. | 5 views

CVE-2025-40643

Stored Cross-Site Scripting (XSS) vulnerability in Energy CRM v2025 by Status Tracker Ltd, consisting of a stored XSS due to lack of proper validation of user input by sending a POST request to “/crm/create_job_submit.php”, using the “JobCreatedBy” parameter. This vulnerability could allow a remote...

CVSS 5.4 | EPSS 0.00033
Exploits: 0 | References: 1

Cvelist
added 2025/10/23 10:46 a.m. | 5 views

CVE-2025-40643 Stored Cross-Site Scripting (XSS) in Energy CRM by Status Tracker

Stored Cross-Site Scripting (XSS) vulnerability in Energy CRM v2025 by Status Tracker Ltd, consisting of a stored XSS due to lack of proper validation of user input by sending a POST request to “/crm/create_job_submit.php”, using the “JobCreatedBy” parameter. This vulnerability could allow a remote...

CVSS 5.1 | EPSS 0.00033
Exploits: 0 | References: 1

CVE
added 2025/10/23 10:46 a.m. | 7 views

CVE-2025-40643

Energy CRM v2025 by Status Tracker Ltd contains a Stored XSS in the /crm/create_job_submit.php endpoint via the JobCreatedBy input. The lack of proper validation allows an attacker to craft a request that could be stored and later executed in an authenticated user’s browser, potentially exposing ...

CVSS 5.4 | AI score 4.5 | EPSS 0.00033
Exploits: 0 | References: 1 | Affected Software: 1

EUVD
added 2025/10/23 10:46 a.m. | 2 views

EUVD-2025-35664

Stored Cross-Site Scripting (XSS) vulnerability in Energy CRM v2025 by Status Tracker Ltd, consisting of a stored XSS due to lack of proper validation of user input by sending a POST request to “/crm/create_job_submit.php”, using the “JobCreatedBy” parameter. This vulnerability could allow a remote...

CVSS 5.1 | AI score 4.4 | EPSS 0.00033
Exploits: 0 | References: 2

CNNVD
added 2025/10/23 12:0 a.m. | 4 views

Energy CRM Cross-Site Scripting Vulnerability

Energy CRM is an enterprise resource management system from Energy UK. A cross-site scripting vulnerability exists in Energy CRM version v2025, which stems from insufficient validation of user input for the parameter JobCreatedBy in the file /crm/create_job_submit.php, which could lead to a stored...

CVSS 5.4 | AI score 5.9 | EPSS 0.00033
Exploits: 0 | References: 1

SUSE CVE
added 2023/02/15 5:22 a.m. | 1 views

SUSE CVE-2015-1158

The add_job function in scheduler/ipp.c in cupsd in CUPS before 2.0.3 performs incorrect free operations for multiple-value job-originating-host-name attributes, which allows remote attackers to trigger data corruption for reference-counted strings via a crafted (1) IPP_CREATE_JOB or (2) IPP_PRINT_JOB...

CVSS 10 | AI score 7.3 | EPSS 0.74073
Exploits: 8 | References: 8

OSV
added 2022/05/13 1:30 a.m. | 2 views

GHSA-3J9C-CP7M-8W8G Jenkins has XML External Entity (XXE) Vulnerability in Job Configuration via CLI

XML external entity (XXE) vulnerability in the create-job CLI command in Jenkins before 1.638 and LTS before 1.625.2 allows remote attackers to read arbitrary files via a crafted job configuration that is then used in an "XML-aware tool," as demonstrated by get-job and update-job...

CVSS 6.9 | AI score 7.3 | EPSS 0.00183
Exploits: 0 | References: 6

CNVD
added 2017/10/20 12:0 a.m. | 4 views

Webmin Cross-Site Request Forgery Vulnerability

Webmin is a web-based system administration tool for Unix-like operating systems developed by Australian software developer Jamie Cameron and the Webmin community. A cross-site request forgery vulnerability exists in Webmin version 1.850. A remote attacker can exploit this vulnerability by sendin...

CVSS 8.8 | AI score 8.9 | EPSS 0.00953
Exploits: 1 | References: 1

RedHat Linux
added 2016/03/22 4:49 p.m. | 3 views

jenkins: XXE injection into job configurations via CLI (SECURITY-173)

XML external entity (XXE) vulnerability in the create-job CLI command in Jenkins before 1.638 and LTS before 1.625.2 allows remote attackers to read arbitrary files via a crafted job configuration that is then used in an "XML-aware tool," as demonstrated by get-job and update-job...

CVSS 5 | AI score 7.5 | EPSS 0.00183
Exploits: 0 | References: 5

RedHat Linux
added 2016/01/26 7:12 p.m. | 3 views

jenkins: XXE injection into job configurations via CLI (SECURITY-173)

XML external entity (XXE) vulnerability in the create-job CLI command in Jenkins before 1.638 and LTS before 1.625.2 allows remote attackers to read arbitrary files via a crafted job configuration that is then used in an "XML-aware tool," as demonstrated by get-job and update-job...

CVSS 5 | AI score 7.5 | EPSS 0.00183
Exploits: 0 | References: 5

CNVD
added 2015/11/26 12:0 a.m. | 3 views

CloudBees Jenkins Information Disclosure Vulnerability (CNVD-2015-07826)

CloudBees Jenkins is an open source continuous integration server. In CloudBees Jenkins 1.638, LTS 1.625.2 or earlier, an XML external entity vulnerability exists in the create-job CLI command, which can be used by a remote attacker to read arbitrary files through the constructed job configuration,...

CVSS 5 | AI score 7 | EPSS 0.00183
Exploits: 0 | References: 1

NVD
added 2015/11/25 8:59 p.m. | 12 views

CVE-2015-5319

XML external entity (XXE) vulnerability in the create-job CLI command in Jenkins before 1.638 and LTS before 1.625.2 allows remote attackers to read arbitrary files via a crafted job configuration that is then used in an "XML-aware tool," as demonstrated by get-job and update-job...

CVSS 5 | AI score 6.4 | EPSS 0.00183
Exploits: 0 | References: 3

Check Point Advisories
added 2015/07/05 12:0 a.m. | 14 views

Apple CUPS cupsd Privilege Escalation (CVE-2015-1158)

An elevation-of-privilege vulnerability has been reported in Apple CUPS. The vulnerability is due to improper processing of print-job or create-job requests sent to cupsd. A remote, unauthenticated attacker can send specially crafted localized strings to cause the 'admin/conf' and 'admin'...

CVSS 10 | AI score 4.7 | EPSS 0.74073
Exploits: 8

ATTACKERKB
added 2014/03/01 12:1 a.m. | 1 views

CVE-2014-2059

Directory traversal vulnerability in the CLI job creation (hudson/cli/CreateJobCommand.java) in Jenkins before 1.551 and LTS before 1.532.2 allows remote authenticated users to overwrite arbitrary files via the job name...

CVSS 6.5 | AI score 5.8 | EPSS 0.01968
Exploits: 0 | References: 5

Cvelist
added 2005/05/11 4:0 a.m. | 18 views

CVE-2005-1496

The DBMS_Scheduler in Oracle 10g allows remote attackers with CREATE JOB privileges to gain additional privileges by changing SESSION_USER to the SYS user...

AI score 9.1 | EPSS 0.01449
Exploits: 1 | References: 4