3 matches found
CVE-2022-29182 DOM-based XSS in GoCD
GoCD is a continuous delivery server. GoCD versions 19.11.0 through 21.4.0 inclusive are vulnerable to a Document Object Model DOM-based cross-site scripting attack via a pipeline run's Stage Details Graphs tab. It is possible for a malicious script on a attacker-hosted site to execute script tha...
CVE-2022-29182 DOM-based XSS in GoCD
GoCD is a continuous delivery server. GoCD versions 19.11.0 through 21.4.0 inclusive are vulnerable to a Document Object Model DOM-based cross-site scripting attack via a pipeline run's Stage Details Graphs tab. It is possible for a malicious script on a attacker-hosted site to execute script tha...
CVE-2022-29182
GoCD versions 19.11.0–21.4.0 are vulnerable to a DOM-based XSS in the Stage Details > Graphs tab. An attacker-hosted page can abuse the messaging channel between the parent page and the stage-graphs iframe to execute script in the user’s browser context, potentially exfiltrating session cookie...