26 matches found

Cvelist
added 2025/12/18 7:53 p.m., 21 views

CVE-2022-50686 Kentico Xperience <= 12.0 Portal Engine Form Control Information Disclosure

An information disclosure vulnerability in Kentico Xperience allows attackers to view sensitive stack trace details via Portal Engine form control error messages. Detailed error messages can expose internal system information and potentially reveal implementation details to unauthorized users...

CVSS 7.5, EPSS 0.00042
Exploits: 0, References: 2

CVE
added 2025/12/18 7:53 p.m., 5 views

CVE-2022-50686

CVE-2022-50686 affects Kentico Xperience (

CVSS 7.5, AI score 5.8, EPSS 0.00042
Exploits: 0, References: 2, Affected Software: 1

Vulnrichment
added 2025/12/18 7:53 p.m., 1 view

CVE-2022-50686 Kentico Xperience <= 12.0 Portal Engine Form Control Information Disclosure

An information disclosure vulnerability in Kentico Xperience allows attackers to view sensitive stack trace details via Portal Engine form control error messages. Detailed error messages can expose internal system information and potentially reveal implementation details to unauthorized users...

CVSS 7.5, AI score 5.8, EPSS 0.00042
Exploits: 0, References: 2

Positive Technologies
added 2025/12/18 12:0 a.m., 1 view

PT-2025-52308

Name of the Vulnerable Software and Affected Versions: Kentico Xperience (affected versions not specified). Description: An information disclosure issue exists in Kentico Xperience. Attackers can view sensitive stack trace details through Portal Engine form control error messages. This disclosure of...

CVSS 7.5, AI score 6, EPSS 0.00042
Exploits: 0, References: 4

CNNVD
added 2025/12/18 12:0 a.m., 1 view

Kentico Xperience Security Vulnerability

Kentico Xperience is a digital experience platform from Kentico. Kentico Xperience suffers from an information disclosure vulnerability that can be exploited by attackers to cause information disclosure...

CVSS 7.5, AI score 5.8, EPSS 0.00042
Exploits: 0, References: 2

OSV
added 2022/06/24 3:15 p.m., 2 views

CVE-2022-30118

Title for CVE: XSS in /dashboard/system/express/entities/forms/savecontrol/GUID: old browsers only. Description: When using Internet Explorer with the XSS protection disabled, editing a form control in an express entities form for Concrete 8.5.7 and below as well as Concrete 9.0 through 9.0.2 can...

CVSS 6.1, AI score 6.2
Exploits: 0, References: 3

Prion
added 2022/06/24 3:15 p.m., 10 views

Design/Logic Flaw

Title for CVE: XSS in /dashboard/system/express/entities/forms/savecontrol/GUID: old browsers only. Description: When using Internet Explorer with the XSS protection disabled, editing a form control in an express entities form for Concrete 8.5.7 and below as well as Concrete 9.0 through 9.0.2 can...

CVSS 4.3, AI score 6, EPSS 0.00654
Exploits: 0, References: 3, Affected Software: 1

Github Security Blog
added 2022/05/14 1:4 a.m., 27 views

Improper Input Validation in Jenkins

The Jenkins 2.73.1 and earlier, 2.83 and earlier default form control for passwords and other secrets, , supports form validation e.g. for API keys. The form validation AJAX requests were sent via GET, which could result in secrets being logged to a HTTP access log in non-default configurations o...

CVSS 2.2, AI score 0.1, EPSS 0.00039
Exploits: 0, References: 5, Affected Software: 1

Veracode
added 2020/12/05 6:3 a.m., 21 views

Stored Cross Site Scripting

Jenkins is vulnerable to stored cross site scripting. An attacker is able to exploit a stored Cross Site Scripting as the f:expandableTextBox form control interprets its content as HTML when expanded...

CVSS 5.4, AI score 0.5, EPSS 0.00273
Exploits: 0, References: 5, Affected Software: 69

RedhatCVE
added 2019/10/22 9:21 p.m., 19 views

CVE-2019-10401

In Jenkins 2.196 and earlier, LTS 2.176.3 and earlier, the f:expandableTextBox form control interpreted its content as HTML when expanded, resulting in a stored XSS vulnerability exploitable by users with permission to define its contents, typically Job/Configure...

CVSS 5.4, AI score 1.6, EPSS 0.00273
Exploits: 0, References: 3

Tenable Nessus
added 2019/09/26 12:0 a.m., 37 views

FreeBSD : jenkins -- multiple vulnerabilities (9720bb39-f82a-402f-9fe4-e2c875bdda83)

Jenkins Security Advisory. Description: Medium SECURITY-1498 / CVE-2019-10401 Stored XSS vulnerability in expandable textbox form control; Medium SECURITY-1525 / CVE-2019-10402 XSS vulnerability in combobox form control; Medium SECURITY-1537 1 / CVE-2019-10403 Stored XSS vulnerability in SCM tag...

CVSS 5.4, AI score 5.2, EPSS 0.79832
Exploits: 0, References: 8

NVD
added 2019/09/25 4:15 p.m., 11 views

CVE-2019-10402

In Jenkins 2.196 and earlier, LTS 2.176.3 and earlier, the f:combobox form control interpreted its item labels as HTML, resulting in a stored XSS vulnerability exploitable by users with permission to define its contents...

CVSS 5.4, AI score 5.1, EPSS 0.0034
Exploits: 0, References: 2

CVE
added 2019/09/25 3:5 p.m., 120 views

CVE-2019-10401

CVE-2019-10401 corresponds to a stored XSS in Jenkins up to 2.196 and LTS 2.176.3 due to the f:expandableTextBox form control interpreting content as HTML, allowing exploitation by users who can define its contents (e.g., Job/Configure). Connected sources confirm the exact vulnerable component an...

CVSS 5.4, AI score 4.9, EPSS 0.00273
Exploits: 0, References: 2, Affected Software: 1

CVE
added 2019/04/10 8:12 p.m., 135 views

CVE-2019-1003050

CVE-2019-1003050 affects Jenkins core UI: the f:validateButton form control did not properly escape job URLs, enabling a cross-site scripting (XSS) vulnerability. Vulnerable in Jenkins versions 2.171 and earlier and Jenkins LTS 2.164.1 and earlier; exploit requires a user with the ability to cont...

CVSS 5.4, AI score 5.2, EPSS 0.00467
Exploits: 0, References: 4, Affected Software: 1

OSV
added 2018/01/26 2:29 a.m., 13 views

CVE-2017-1000401

The Jenkins 2.73.1 and earlier, 2.83 and earlier default form control for passwords and other secrets, , supports form validation e.g. for API keys. The form validation AJAX requests were sent via GET, which could result in secrets being logged to a HTTP access log in non-default configurations o...

CVSS 2.2, AI score 4.2
Exploits: 0, References: 1

Prion
added 2018/01/26 2:29 a.m., 14 views

Default credentials

The Jenkins 2.73.1 and earlier, 2.83 and earlier default form control for passwords and other secrets, , supports form validation e.g. for API keys. The form validation AJAX requests were sent via GET, which could result in secrets being logged to a HTTP access log in non-default configurations o...

CVSS 1.2, AI score 3.8, EPSS 0.00039
Exploits: 0, References: 1, Affected Software: 1

CVE
added 2018/01/26 2:0 a.m., 94 views

CVE-2017-1000401

CVE-2017-1000401 affects Jenkins versions 2.73.1 and earlier, and 2.83 and earlier, where the default form control used GET for validation requests. This could cause secrets (e.g., API keys) to be logged in HTTP access logs in non-default configurations. The issue has been mitigated by changing ...

CVSS 2.2, AI score 4, EPSS 0.00039
Exploits: 0, References: 1, Affected Software: 1

RedhatCVE
added 2017/11/21 11:22 a.m., 18 views

CVE-2017-1000401

The Jenkins 2.73.1 and earlier, 2.83 and earlier default form control for passwords and other secrets, , supports form validation e.g. for API keys. The form validation AJAX requests were sent via GET, which could result in secrets being logged to a HTTP access log in non-default configurations o...

CVSS 2.2, AI score 0.8, EPSS 0.00039
Exploits: 0, References: 2

seebug.org
added 2014/07/01 12:0 a.m., 12 views

Microsoft Internet Explorer 5.0 HTML Form Control DoS

No description provided by source. Microsoft Internet Explorer 5.0 for Windows 95/Windows 98/Windows NT 4 HTML Form Control DoS (source: http://www.securityfocus.com/bid/606/info). Certain Microsoft applications (IE5, Outlook Express 5) are unable to display large HTML form fields within HTML tables...

AI score 7.1
Exploits: 0

Cvelist
added 2011/03/01 10:0 p.m., 14 views

CVE-2011-1111

Google Chrome before 9.0.597.107 does not properly implement forms controls, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via unknown vectors...

AI score 7.1, EPSS 0.01471
Exploits: 1, References: 5