65 matches found
EUVD-2022-1581
Malicious code in bioql PyPI...
EUVD-2022-1418
Malicious code in bioql PyPI...
EUVD-2022-1404
Malicious code in bioql PyPI...
CVE-2022-27202
Jenkins Extended Choice Parameter Plugin 346.vd87693c5a86c and earlier does not escape the value and description of extended choice parameters of radio buttons or check boxes type, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission...
The vulnerability of the Jenkins Dynamic Extended Choice Parameter Plugin exists due to the lack of measures taken to protect the structure of web pages. This allows attackers to carry out XSS attacks.
The vulnerability of the Jenkins Dynamic Extended Choice Parameter Plugin exists due to the lack of security measures taken to protect the structure of web pages. Exploiting this vulnerability allows a malicious actor to perform XSS attacks remotely...
GHSA-JVVX-HMMR-RHGG Stored XSS vulnerability in Jenkins Dynamic Extended Choice Parameter plugin
Jenkins Dynamic Extended Choice Parameter Plugin 1.0.1 and earlier does not escape several fields of Moded Extended Choice parameters, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission...
Stored XSS vulnerability in Jenkins Dynamic Extended Choice Parameter plugin
Jenkins Dynamic Extended Choice Parameter Plugin 1.0.1 and earlier does not escape several fields of Moded Extended Choice parameters, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission...
CVE-2022-36902
Jenkins Dynamic Extended Choice Parameter Plugin versions 1.0.1 and earlier are affected by a stored XSS vulnerability in Moded Extended Choice parameters because several fields are not escaped. This can be exploited by attackers with Item/Configure permissions. Affected products: Jenkins Dynamic...
GHSA-7558-6Q45-6X7M Cross-site Scripting in Jenkins Dynamic Extended Choice Parameter Plugin
Jenkins Dynamic Extended Choice Parameter Plugin 1.0.1 and earlier does not escape the name and description of Moded Extended Choice parameters on views displaying parameters, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission...
CVE-2022-34186
Jenkins Dynamic Extended Choice Parameter Plugin 1.0.1 and earlier does not escape the name and description of Moded Extended Choice parameters on views displaying parameters, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission...
CVE-2022-34186
The CVE-2022-34186 entry concerns the Jenkins Dynamic Extended Choice Parameter Plugin (version 1.0.1 and earlier), where the plugin does not escape the name and description of Moded Extended Choice parameters on parameter views. This creates a stored XSS vulnerability exploitable by attackers wi...
Jenkins Plugin Dynamic Extended Choice Parameter 跨站脚本漏洞
Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is an application. Jenkins Plugin is an application that provides hundreds of plugins to support building, deploying, and automating any project. Jenkins Dynamic Extended Choice Parameter Plugin version 1.0.1 and prior...
Jenkins Enterprise and Operations Center 2.277.x < 2.277.43.0.8 / 2.303.x < 2.303.30.0.7 / 2.332.1.5 Multiple Vulnerabilities (CloudBees Security Advisory 2022-03-15)
The version of Jenkins Enterprise or Jenkins Operations Center running on the remote web server is 2.277.x prior to 2.277.43.0.8, 2.303.x prior to 2.303.30.0.7, or 2.x prior to 2.332.1.5. It is, therefore, affected by multiple vulnerabilities, including the following: - A cross-site request forge...
com.antelink.reporter.jenkins.plugin:AntepediaReporter-CI-plugin (>=1.7 <=1.8), com.dubture.jenkins:digitalocean-plugin (>=0.1 <=0.2) +39 more potentially affected by CVE-2014-2058 via org.jenkins-ci.main:jenkins-core (>=1.533 <=1.550)
org.jenkins-ci.main:jenkins-core MAVEN version =1.533, =1.7, =0.1, =1.53, =1.0.0, =0.1, =1.533, =1.533, =1.533, =1.533, =0.1.3, =0.1.5 and more Source cves: CVE-2014-2058 Source advisory: OSV:GHSA-7FPG-PP3M-H22F...
com.moded.extendedchoiceparameter:dynamic_extended_choice_parameter (>=1.0.0 <=1.0.1) potentially affected by CVE-2017-1000090 via org.jenkins-ci.plugins:role-strategy (=2.1.0)
org.jenkins-ci.plugins:role-strategy MAVEN version =2.1.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.jenkins-ci.plugins:role-strategy and may be impacted: - com.moded.extendedchoiceparameter:dynamicextendedchoiceparameter =1.0.0, =1.0.1 Source...
com.cloudbees.jenkins.plugins:custom-tools-plugin (>=0.4 <=0.6) potentially affected by CVE-2022-29038 via org.jenkins-ci.plugins:extended-choice-parameter (=0.28)
org.jenkins-ci.plugins:extended-choice-parameter MAVEN version =0.28 is affected by a known vulnerability. The following packages have a transitive dependency on org.jenkins-ci.plugins:extended-choice-parameter and may be impacted: - com.cloudbees.jenkins.plugins:custom-tools-plugin =0.4, =0.6...
Stored Cross-site Scripting vulnerabilities in Jenkins Extended Choice Parameter Plugin
Jenkins Extended Choice Parameter Plugin 346.vd87693c5a86c and earlier does not escape the name and description of Extended Choice parameters on views displaying parameters, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission...
GHSA-GP7C-XMMM-7PQR Stored Cross-site Scripting vulnerabilities in Jenkins Extended Choice Parameter Plugin
Jenkins Extended Choice Parameter Plugin 346.vd87693c5a86c and earlier does not escape the name and description of Extended Choice parameters on views displaying parameters, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission...
CVE-2022-29038
Jenkins Extended Choice Parameter Plugin 346.vd87693c5a86c and earlier does not escape the name and description of Extended Choice parameters on views displaying parameters, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission...
CVE-2022-29038
Jenkins Extended Choice Parameter Plugin 346.vd87693c5a86c and earlier does not escape the name and description of Extended Choice parameters on views displaying parameters, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission...