3 matches found
Cross-site Scripting in Jenkins Dashboard View Plugin
Jenkins Dashboard View Plugin prior to 2.16 and 2.12.1 does not escape URLs referenced in Image Dashboard Portlets, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with View/Configure permission. As part of this fix, the property for image URLs was changed fr...
PT-2021-14692 · Jenkins · Jenkins Dashboard View Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Dashboard View Plugin versions 2.15 and earlier Jenkins Dashboard View Plugin versions prior to 2.16 Jenkins Dashboard View Plugin version 2.12.1 and earlier Description: The issue is related to a stored cross-site scripting XSS...
Cisco Secure Access Control Server Role-Based Access Control URL Lack of Protection Vulnerability
A vulnerability in the role-based access control RBAC implementation of the Cisco Secure Access Control Server ACS could allow an authenticated, remote attacker to impact the integrity of the system by modifying dashboard portlets that should be restricted. The vulnerability is due to improper...