PT-2026-7326
Zed is a multiplayer code editor. Prior to 0.219.4, Zed does not show which parameters a tool is being invoked with when asking for permission. Nor does it show, after the tool has been invoked, which parameters were used. Thus, unwanted or even malicious values could be used withou...
A vulnerability in the Jenkins automation server arises from improper handling of input during the creation of web pages. This allows attackers to carry out XSS attacks, with the ability to manipulate files in the working areas.
A vulnerability in the Jenkins automation server relates to the absence of a protection mechanism for the value of the “caption” parameter in the ExpandableDetailsNote configuration. Exploiting this vulnerability allows an attacker to carry out XSS attacks, with the ability to...
GHSA-5J46-5HWQ-GWH7 Jenkins Cross-site Scripting vulnerability
ExpandableDetailsNote allows annotating build log content with additional information that can be revealed when interacted with. Jenkins 2.423 and earlier, LTS 2.414.1 and earlier does not escape the value of the caption constructor parameter of ExpandableDetailsNote. This results in a stored...
PT-2023-8996 · Jenkins +1 · Jenkins +1
Name of the Vulnerable Software and Affected Versions: Jenkins versions 2.423 and earlier, LTS versions 2.414.1 and earlier
Description: The issue is related to the lack of escaping of the caption constructor parameter value of ExpandableDetailsNote, resulting in a stored cross-site scripting (XSS)...