Lucene search
K

34 matches found

ATTACKERKB
ATTACKERKB
added 2022/06/23 5:15 p.m.3 views

CVE-2022-34188

Jenkins Hidden Parameter Plugin 0.0.4 and earlier does not escape the name and description of Hidden Parameter parameters on views displaying parameters, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission...

5.4CVSS6.2AI score0.00606EPSS
Exploits0References2
OSV
OSV
added 2022/06/23 5:15 p.m.3 views

CVE-2022-34188

Jenkins Hidden Parameter Plugin 0.0.4 and earlier does not escape the name and description of Hidden Parameter parameters on views displaying parameters, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission...

5.4CVSS5.7AI score0.00606EPSS
Exploits0References1
Prion
Prion
added 2022/06/23 5:15 p.m.18 views

Cross site scripting

Jenkins Hidden Parameter Plugin 0.0.4 and earlier does not escape the name and description of Hidden Parameter parameters on views displaying parameters, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission...

3.5CVSS5.2AI score0.00606EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2022/06/22 2:41 p.m.18 views

CVE-2022-34188

Jenkins Hidden Parameter Plugin 0.0.4 and earlier does not escape the name and description of Hidden Parameter parameters on views displaying parameters, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission...

6.8AI score0.00606EPSS
Exploits0References1
CVE
CVE
added 2022/06/22 2:41 p.m.99 views

CVE-2022-34188

CVE-2022-34188 describes a stored XSS vulnerability in Jenkins Hidden Parameter Plugin versions 0.0.4 and earlier, where the plugin fails to escape the name and description of Hidden Parameter parameters on parameter-displaying views. This allows attackers with Item/Configure permission to inject...

5.4CVSS5.2AI score0.00606EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2022/06/22 12:0 a.m.3 views

PT-2022-22056 · Jenkins · Jenkins +1

Name of the Vulnerable Software and Affected Versions: Jenkins Hidden Parameter Plugin versions 0.0.4 and earlier Description: The Jenkins Hidden Parameter Plugin does not escape the name and description of Hidden Parameter parameters on views displaying parameters, resulting in a stored cross-si...

8CVSS5.8AI score0.00606EPSS
Exploits0References7
CNNVD
CNNVD
added 2022/06/22 12:0 a.m.3 views

Jenkins Plugin Hidden Parameter 跨站脚本漏洞

Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is an application. Jenkins Plugin is an application that provides hundreds of plugins to support building, deploying, and automating any project. The vulnerability stems from a failure to escape the name and description of t...

5.4CVSS6AI score0.00606EPSS
Exploits0References4
vulnersOsv
vulnersOsv
added 2022/05/17 3:53 a.m.10 views

com.antelink.reporter.jenkins.plugin:AntepediaReporter-CI-plugin (>=1.7 <=1.8), com.dubture.jenkins:digitalocean-plugin (>=0.1 <=0.2) +39 more potentially affected by CVE-2014-2066 via org.jenkins-ci.main:jenkins-core (>=1.533 <=1.550)

org.jenkins-ci.main:jenkins-core MAVEN version =1.533, =1.7, =0.1, =1.53, =1.0.0, =0.1, =1.533, =1.533, =1.533, =1.533, =0.1.3, =0.1.5 and more Source cves: CVE-2014-2066 Source advisory: OSV:GHSA-8JFX-H6Q2-V4G3...

6.8CVSS5.8AI score0.02061EPSS
Exploits0
OSV
OSV
added 2018/08/30 5:29 p.m.5 views

CVE-2018-15480

An issue was discovered in myStrom WiFi Switch V1 before 2.66, WiFi Switch V2 before 3.80, WiFi Switch EU before 3.80, WiFi Bulb before 2.58, WiFi LED Strip before 3.80, WiFi Button before 2.73, and WiFi Button Plus before 2.73. The cloud API had a hidden parameter, which allowed an authenticated...

8.8CVSS5.8AI score0.01024EPSS
Exploits0References1
Kitploit
Kitploit
added 2018/03/26 12:31 p.m.43 views

XSStrike v2.0 - An Advanced XSS Detection And Exploitation Suit

XSStrike is an advanced XSS detection suite. It has a powerful fuzzing engine and provides zero false positive result using fuzzy matching. XSStrike is the first XSS scanner to generate its own payloads. It is intelligent enough to detect and break out of various contexts. Made by Somdev Sangwan...

6.6AI score
Exploits0References1
RedHat Linux
RedHat Linux
added 2016/07/27 8:28 a.m.6 views

foreman: XSS in hidden parameter value switcher

Cross-site scripting XSS vulnerability in Foreman 1.7.0 and after...

6.1CVSS5.7AI score0.00994EPSS
Exploits0References4
Hacker One
Hacker One
added 2014/05/26 4:28 p.m.11 views

Khan Academy: Unchecking hidden parameter is vulnerable to XSS-attack

Unchecking parameter Malicious users may inject JavaScript, VBScript, ActiveX, HTML or Flash into a vulnerable application to fool a user in order to gather data from them. http://crowdin.khanacademy.org:/login PoC prompt986874"/...

0.5AI score
Exploits0
myhack58
myhack58
added 2008/12/31 12:0 a.m.19 views

Hidden type parameters of the variables are not filtered resulting in the upload exploit a-vulnerability warning-the black bar safety net

Inadvertently saw a graphic design website, website full by the static asp configuration, done very beautiful. Sigh it's beautifully designed at the same time, could not help heart muttered, full of static asp pages can indeed prevent injection vulnerabilities, but WEB vulnerabilities is more tha...

7.3AI score
Exploits0
Exploit DB
Exploit DB
added 2008/12/08 12:0 a.m.125 views

siu guarani - Multiple Vulnerabilities

multiple remote vulnerabilities siu guarani general information ------------------- bug type : multiple remote vulnerabilities software name : SIU Guarani vendor : SIU www.siu.edu.ar authors : proudhon & Ubik date : the 341st day of the year 2008 contact : N/A description : SIU-Guarani is a web...

7.4AI score
Exploits0
Rows per page
Query Builder