
50 matches found

NVD
added 2026/05/27 9:16 a.m. · 10 views

CVE-2026-40844

A low-privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the dashboard view due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality...

7.1 CVSS · 0.00039 EPSS
Exploits 0 · References 1
EUVD
added 2026/05/27 7:58 a.m. · 6 views

EUVD-2026-32143

A low-privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the dashboard view due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality...

7.1 CVSS · 5.9 AI score · 0.00039 EPSS
Exploits 0 · References 1
CVE
added 2026/05/27 7:58 a.m. · 7 views

CVE-2026-40844

The CVE describes an unauthenticated SQL Injection in a dashboard view, exploitable by a low-privileged remote attacker via a malicious SQL SELECT without proper input neutralization. Root cause: improper neutralization of special elements in a SQL SELECT command. Impact: total loss of confidenti...

7.1 CVSS · 5.9 AI score · 0.00039 EPSS
Exploits 0 · References 1
Cvelist
added 2026/05/27 7:58 a.m. · 22 views

CVE-2026-40844 Authenticated SQLi in dashboard view

A low-privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the dashboard view due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality...

7.1 CVSS · 0.00039 EPSS
Exploits 0 · References 1
Vulnrichment
added 2026/05/27 7:58 a.m. · 4 views

CVE-2026-40844 Authenticated SQLi in dashboard view

A low-privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the dashboard view due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality...

7.1 CVSS · 5.9 AI score · 0.00039 EPSS
Exploits 0 · References 1
ATTACKERKB
added 2026/05/27 7:58 a.m. · 6 views

CVE-2026-40844

A low-privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the dashboard view due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality...

7.1 CVSS · 5.9 AI score · 0.00039 EPSS
Exploits 0 · References 2 · Affected Software 4
Cvelist
added 2026/04/06 12:0 a.m. · 25 views

CVE-2026-31150

Incorrect access control in Kaleris YMS v7.2.2.1 allows authenticated attackers with only the shipping/receiving role to view the truck's dashboard resources...

0.00032 EPSS
Exploits 1 · References 2
EUVD
added 2025/10/03 8:7 p.m. · 3 views

EUVD-2022-1343

Malicious code in bioql PyPI...

5.4 CVSS · 5.5 AI score · 0.00151 EPSS
Exploits 0 · References 5
RedhatCVE
added 2025/05/22 9:49 p.m. · 6 views

CVE-2022-27197

Jenkins Dashboard View Plugin 2.18 and earlier does not perform URL validation for the Iframe Portlet's Iframe source URL, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to configure views...

5.4 CVSS · 5.5 AI score · 0.00151 EPSS
Exploits 0 · References 1
RedhatCVE
added 2025/05/22 9:31 p.m. · 4 views

CVE-2021-21649

Jenkins Dashboard View Plugin 2.15 and earlier does not escape URLs referenced in Image Dashboard Portlets, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with View/Configure permission...

5.4 CVSS · 5.4 AI score · 0.00188 EPSS
Exploits 0 · References 1
Snyk
added 2025/03/20 12:32 p.m. · 4 views

Cross-site Scripting (XSS)

Overview: agentscope is an AgentScope: A Flexible yet Robust Multi-Agent Platform. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the dashboard.js view for inspecting detailed run information. An attacker can execute arbitrary JavaScript code in the context of the...

6.1 CVSS · 5.4 AI score · 0.00167 EPSS
Exploits 1 · References 2
OSV
added 2023/08/16 3:15 p.m. · 1 views

CVE-2023-40350

Jenkins Docker Swarm Plugin 1.11 and earlier does not escape values returned from Docker before inserting them into the Docker Swarm Dashboard view, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control responses from Docker...

5.4 CVSS · 5.6 AI score
Exploits 0 · References 2
CNNVD
added 2023/08/16 12:0 a.m. · 1 views

Jenkins Plugin Docker Swarm Cross-Site Scripting Vulnerability

Jenkins and Jenkins Plugin are both Jenkins open source products. Jenkins is a software application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project. Jenkins Plugin is a software application. Jenkins Plugin A cross-si...

5.4 CVSS · 5.4 AI score · 0.03333 EPSS
Exploits 0 · References 5
Positive Technologies
added 2023/08/16 12:0 a.m. · 2 views

PT-2023-5740 · Jenkins · Jenkins Docker Swarm Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Docker Swarm Plugin versions 1.11 and earlier Description: The issue is related to the Jenkins Docker Swarm Plugin, which does not properly escape values returned from Docker before inserting them into the Docker Swarm Dashboard view...

7.5 CVSS · 5.3 AI score · 0.03333 EPSS
Exploits 0 · References 9
OSV
added 2023/06/01 5:15 p.m. · 2 views

CVE-2023-32711

In Splunk Enterprise versions below 9.0.5, 8.2.11, and 8.1.14, a Splunk dashboard view lets a low-privileged user exploit a vulnerability in the Bootstrap web framework (CVE-2019-8331) and build a stored cross-site scripting (XSS) payload...

5.4 CVSS · 7.2 AI score
Exploits 0 · References 2
Cvelist
added 2023/06/01 4:34 p.m. · 34 views

CVE-2023-32711 Persistent Cross-Site Scripting (XSS) through a URL Validation Bypass within a Dashboard View

In Splunk Enterprise versions below 9.0.5, 8.2.11, and 8.1.14, a Splunk dashboard view lets a low-privileged user exploit a vulnerability in the Bootstrap web framework (CVE-2019-8331) and build a stored cross-site scripting (XSS) payload...

5.4 CVSS · 6 AI score · 0.00425 EPSS
Exploits 1 · References 2
Check Point Advisories
added 2022/11/24 12:0 a.m. · 6 views

Jenkins Dashboard View Plugin Cross-Site Scripting (CVE-2021-21649)

A stored cross-site scripting vulnerability exists in Jenkins Dashboard View Plugin. This vulnerability is due to insufficient validation of user-controlled information...

3.5 CVSS · 1.4 AI score · 0.00188 EPSS
Exploits 0
OSV
added 2022/06/30 6:15 p.m. · 2 views

CVE-2022-34795

Jenkins Deployment Dashboard Plugin 1.0.10 and earlier does not escape environment names on its Deployment Dashboard view, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with View/Configure permission...

5.4 CVSS · 5.7 AI score · 0.09095 EPSS
Exploits 0 · References 1
OSV
added 2022/05/24 4:55 p.m. · 23 views

GHSA-FV4Q-4H24-23QR Jenkins Dashboard View Plugin vulnerable to Cross-site Scripting

Dashboard View Plugin did not escape the build description on the Latest Builds View. This resulted in a cross-site scripting vulnerability exploitable by attackers able to control the description of builds shown on that view. Dashboard View Plugin now applies the configured markup formatter to t...

5.4 CVSS · 5.2 AI score · 0.00102 EPSS
Exploits 0 · References 4
vulnersOsv
added 2022/05/24 4:55 p.m. · 1 views

org.jenkins-ci.plugins:project-build-times (>=1.0 <=1.2.1), org.jenkins-ci.plugins:project-stats-plugin (>=0.1 <=0.4) potentially affected by CVE-2019-10396 via org.jenkins-ci.plugins:dashboard-view (>=2.0 <=2.0.2)

org.jenkins-ci.plugins:dashboard-view MAVEN version =2.0, =1.0, =0.1, =0.4 Source cves: CVE-2019-10396 Source advisory: OSV:GHSA-FV4Q-4H24-23QR...

5.4 CVSS · 6 AI score · 0.00102 EPSS
Exploits 0