30 matches found
GHSA-HG6G-JJ7G-X6V2 Improper Neutralization of Input During Web Page Generation in Jenkins
In Jenkins 2.196 and earlier, LTS 2.176.3 and earlier, the f:expandableTextBox form control interpreted its content as HTML when expanded, resulting in a stored XSS vulnerability exploitable by users with permission to define its contents typically Job/Configure...
BEESCMS suffers from SQL injection vulnerability (CNVD-2020-48932)
BEESCMS adopts PHP+MYSQL, featuring multi-language system and easy expansion of content modules. BEESCMS has a SQL injection vulnerability, which can be exploited by attackers to obtain sensitive database information...
jenkins: Stored XSS vulnerability in expandable textbox form control
In Jenkins 2.196 and earlier, LTS 2.176.3 and earlier, the f:expandableTextBox form control interpreted its content as HTML when expanded, resulting in a stored XSS vulnerability exploitable by users with permission to define its contents typically Job/Configure...
jenkins: Stored XSS vulnerability in expandable textbox form control
In Jenkins 2.196 and earlier, LTS 2.176.3 and earlier, the f:expandableTextBox form control interpreted its content as HTML when expanded, resulting in a stored XSS vulnerability exploitable by users with permission to define its contents typically Job/Configure...
PT-2019-11795 · Cloudbees +1 · Jenkins
Name of the Vulnerable Software and Affected Versions: Jenkins versions 2.196 and earlier, LTS versions 2.176.3 and earlier Description: The issue concerns a stored XSS vulnerability. It occurs because the f:expandableTextBox form control interprets its content as HTML when expanded. This can be...
Toshiba VFS15S-2015PL-W1 ASD Drive Detection
Binary data 757973.prm...
Rockwell Automation 1799ER Expandable 24V DC In/Out Source/Sink 1799ER-IQ10XOQ10 General Purpose Discrete I/O
Binary data 752687.prm...
CVE-2006-4752
Laurentiu Matei eXpandable Home Page XHP CMS 0.5.1 allows remote attackers to obtain the installation path via a query to the engine module, probably with an invalid action parameter...
CVE-2006-4751
Cross-site scripting XSS vulnerability in index.php in Laurentiu Matei eXpandable Home Page XHP CMS 0.5.1 allows remote attackers to inject arbitrary web script or HTML via the errcode parameter...
Design/Logic Flaw
Laurentiu Matei eXpandable Home Page XHP CMS 0.5 and earlier allows remote authenticated users to use the HTMLArea FileManager plugin to upload and execute arbitrary PHP files using 1 manager.php, 2 standalonemanager.php, and 3 images.php...