53 matches found
CVE-2026-50701
A Reflected Cross-Site Scripting (XSS) vulnerability exists in Frappe Framework version 17.0.0-dev due to improper neutralization of user-controlled input in the dashboard-view component...
CVE-2026-50701
Frappe Framework 17.0.0-dev is affected by a Reflected DOM XSS in the dashboard-view component due to improper neutralization of user-controlled input. The CVE entry (CVE-2026-50701) shows a CVSS v4.0 base score of 5.1 (MEDIUM) with no listed exploit details in the provided documents. The vulnera...
CVE-2026-50701 Frappe Framework 17.0.0-dev - Reflected DOM XSS in dashboard-view breadcrumb rendering
A Reflected Cross-Site Scripting (XSS) vulnerability exists in Frappe Framework version 17.0.0-dev due to improper neutralization of user-controlled input in the dashboard-view component...
CVE-2026-40844
A low-privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the dashboard view due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality...
EUVD-2026-32143
A low-privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the dashboard view due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality...
CVE-2026-40844 Authenticated SQLi in dashboard view
A low-privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the dashboard view due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality...
CVE-2026-40844
The CVE describes an unauthenticated SQL Injection in a dashboard view, exploitable by a low-privileged remote attacker via a malicious SQL SELECT without proper input neutralization. Root cause: improper neutralization of special elements in a SQL SELECT command. Impact: total loss of confidenti...
CVE-2026-31150
Incorrect access control in Kaleris YMS v7.2.2.1 allows authenticated attackers with only the shipping/receiving role to view the truck's dashboard resources...
EUVD-2022-1343
Malicious code in bioql PyPI...
CVE-2022-27197
Jenkins Dashboard View Plugin 2.18 and earlier does not perform URL validation for the Iframe Portlet's Iframe source URL, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to configure views...
CVE-2021-21649
Jenkins Dashboard View Plugin 2.15 and earlier does not escape URLs referenced in Image Dashboard Portlets, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with View/Configure permission...
Cross-site Scripting (XSS)
Overview: agentscope is an AgentScope: A Flexible yet Robust Multi-Agent Platform. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the dashboard.js view for inspecting detailed run information. An attacker can execute arbitrary JavaScript code in the context of the...
CVE-2023-40350
Jenkins Docker Swarm Plugin 1.11 and earlier does not escape values returned from Docker before inserting them into the Docker Swarm Dashboard view, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control responses from Docker...
Jenkins Plugin Docker Swarm Cross-Site Scripting Vulnerability
Jenkins and Jenkins Plugin are both Jenkins open source products. Jenkins is a software application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project. Jenkins Plugin is a software application. Jenkins Plugin A cross-si...
PT-2023-5740 · Jenkins · Jenkins Docker Swarm Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Docker Swarm Plugin versions 1.11 and earlier. Description: The issue is related to the Jenkins Docker Swarm Plugin, which does not properly escape values returned from Docker before inserting them into the Docker Swarm Dashboard view...
CVE-2023-32711
In Splunk Enterprise versions below 9.0.5, 8.2.11, and 8.1.14, a Splunk dashboard view lets a low-privileged user exploit a vulnerability in the Bootstrap web framework (CVE-2019-8331) and build a stored cross-site scripting (XSS) payload...
CVE-2023-32711 Persistent Cross-Site Scripting (XSS) through a URL Validation Bypass within a Dashboard View
In Splunk Enterprise versions below 9.0.5, 8.2.11, and 8.1.14, a Splunk dashboard view lets a low-privileged user exploit a vulnerability in the Bootstrap web framework (CVE-2019-8331) and build a stored cross-site scripting (XSS) payload...
Jenkins Dashboard View Plugin Cross-Site Scripting (CVE-2021-21649)
A stored cross-site scripting vulnerability exists in Jenkins Dashboard View Plugin. This vulnerability is due to insufficient validation of user-controlled information...