12 matches found
EUVD-2022-6980
Malicious code in bioql PyPI...
View Password - Moderately critical - Cross Site Scripting - SA-CONTRIB-2024-026
The View Password module enables you to add a help icon button next to the password input field to toggle the password visibility. The administrative user is allowed to add classes to this icon for styling purposes. The module doesn't validate the content of classes. A malicious user with access ...
CVE-2023-51772
One Identity Password Manager before 5.13.1 allows Kiosk Escape. This product enables users to reset their Active Directory passwords on the login screen of a Windows client. It launches a Chromium-based browser in Kiosk mode to provide the reset functionality. The escape sequence is: wait for a...
GHSA-XPVP-H73C-M9RQ Jenkins vulnerable to stored cross-site scripting in the l:helpIcon component
Jenkins 2.367 through 2.369 (both inclusive) does not escape tooltips of the l:helpIcon UI component used for some help icons on the Jenkins web UI, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control tooltips for this component. As of publication,...
CVE-2022-41224
Jenkins 2.367 through 2.369 (both inclusive) does not escape tooltips of the l:helpIcon UI component used for some help icons on the Jenkins web UI, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control tooltips for this component...
PT-2022-25739 · Jenkins · Jenkins
Name of the Vulnerable Software and Affected Versions: Jenkins versions 2.367 through 2.369. Description: The issue results in a stored cross-site scripting (XSS) vulnerability due to the lack of escaping of tooltips of the l:helpIcon UI component used for some help icons on the Jenkins web UI. This...
Jenkins Cross-Site Scripting Vulnerability
Jenkins is an open source application: an open source automation server that provides hundreds of plugins to support building, deploying and automating any project. A cross-site scripting vulnerability exists in Jenkins versions 2.367 through 2.369, which stems from a tooltip that does...
Cross-site Scripting (XSS)
Jenkins is vulnerable to cross-site scripting. The vulnerability exists because the help icon does not escape the feature name that is part of its tooltip, which allows an attacker to inject and execute arbitrary JavaScript...
Jenkins Cross-Site Scripting Vulnerability (CNVD-2022-65924)
Jenkins is an open source application: an open source automation server that provides hundreds of plugins to support building, deploying, and automating any project. Jenkins suffers from a cross-site scripting vulnerability that stems from the fact that the help icon does not...
PT-2022-22037 · Jenkins · Jenkins
Name of the Vulnerable Software and Affected Versions: Jenkins versions 2.320 through 2.355; Jenkins LTS versions 2.332.1 through 2.332.3. Description: The help icon in Jenkins does not escape the feature name that is part of its tooltip, resulting in a cross-site scripting (XSS) vulnerability. This...