196 matches found
Stored Cross-Site Scripting (XSS)
phpmyfaq is vulnerable to Stored Cross-Site Scripting XSS attacks. The library does not properly convert user inputs to HTML entities in the privacyURL of phpmyfaq/contact.php before it output to the front end, allowing an attacker to inject and execute malicious content via infected hyperlinks...
March 14, 2023—KB5023702 (OS Build 17763.4131)- EXPIRED
March 14, 2023—KB5023702 OS Build 17763.4131- EXPIRED EXPIRATION NOTICEIMPORTANT As of March 31, 2026, this update is no longer available from the Microsoft Update Catalog or other release channels. We recommend that you update your devices to the latest version of Windows. 11/17/20 For...
March 14, 2023—KB5023752 (Security-only update)
March 14, 2023—KB5023752 Security-only update IMPORTANT For Windows Server 2012, the end of support EOS date is October 10, 2023. Extended Security Updates ESUs will be available for purchase no later than October 2022, but available for installation after the EOS date, October 10, 2023. ESUs wil...
Jenkins plugins Multiple Vulnerabilities (2022-10-19)
According to their self-reported version numbers, the version of Jenkins plugins running on the remote web server are affected by multiple vulnerabilities: - A sandbox bypass vulnerability involving various casts performed implicitly by the Groovy language runtime in Jenkins Script Security Plugi...
February 21, 2023—KB5022906 (OS Builds 19042.2673, 19044.2673, and 19045.2673) Preview
February 21, 2023—KB5022906 OS Builds 19042.2673, 19044.2673, and 19045.2673 Preview 1/19/23 IMPORTANT After March 2023, there are no more optional, non-security preview releases for the supported editions of Windows 10, version 20H2 and Windows 10, version 21H2. Only cumulative monthly security...
February 21, 2023—KB5022905 (OS Build 22000.1641) Preview
February 21, 2023—KB5022905 OS Build 22000.1641 Preview For information about Windows update terminology, see the article about the types of Windows updates and the monthly quality update types. For an overview of Windows 11, version 21H2, see its update history page.Note Follow @WindowsUpdate to...
SUSE CVE-2003-0434
Various PDF viewers including 1 Adobe Acrobat 5.06 and 2 Xpdf 1.01 allow remote attackers to execute arbitrary commands via shell metacharacters in an embedded hyperlink...
SUSE CVE-2005-4636
OpenOffice.org 2.0 and earlier, when hyperlinks has been disabled, does not prevent the user from clicking the WWW-browser button in the Hyperlink dialog, which makes it easier for attackers to trick the user into bypassing intended security settings...
SUSE CVE-2021-30245
The project received a report that all versions of Apache OpenOffice through 4.1.8 can open non-https hyperlinks. The problem has existed since about 2006 and the issue is also in 4.1.9. If the link is specifically crafted this could lead to untrusted code execution. It is always best practice to...
Stored XSS edit Config Link
Description Stored Cross-Site Scripting XSS through hyperlinks refers to a type of security vulnerability that occurs when an attacker injects malicious code into a hyperlink, which is then stored in the application's database or web server. When a user clicks on the infected hyperlink, the...
GHSA-64R9-X74Q-WXMH Stored XSS vulnerability in Jenkins Pipeline: Supporting APIs Plugin
Pipeline: Supporting APIs Plugin provides a feature to add hyperlinks, that send POST requests when clicked, to build logs. These links are used by Pipeline: Input Step Plugin to allow users to proceed or abort the build, or by Pipeline: Job Plugin to allow users to forcibly terminate the build...
Stored XSS vulnerability in Jenkins Pipeline: Supporting APIs Plugin
Pipeline: Supporting APIs Plugin provides a feature to add hyperlinks, that send POST requests when clicked, to build logs. These links are used by Pipeline: Input Step Plugin to allow users to proceed or abort the build, or by Pipeline: Job Plugin to allow users to forcibly terminate the build...
CVE-2022-43409
Jenkins Pipeline: Supporting APIs Plugin 838.va3a087b4055b and earlier does not sanitize or properly encode URLs of hyperlinks sending POST requests in build logs, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers able to create Pipelines...
Cross site scripting
Jenkins Pipeline: Supporting APIs Plugin 838.va3a087b4055b and earlier does not sanitize or properly encode URLs of hyperlinks sending POST requests in build logs, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers able to create Pipelines...
CVE-2022-43409
Jenkins Pipeline: Supporting APIs Plugin 838.va3a087b4055b and earlier does not sanitize or properly encode URLs of hyperlinks sending POST requests in build logs, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers able to create Pipelines...
Jenkins Plugin Pipeline: Supporting APIs 跨站脚本漏洞
Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. Jenkins Plugin Pipeline:...
CVE-2022-1539
The Exports and Reports WordPress plugin before 0.9.2 does not sanitize and validate data when generating the CSV to export, which could lead to a CSV injection, by the use of Microsoft Excel DDE function, or to leak data via maliciously injected hyperlinks...
CVE-2022-1539
The Exports and Reports WordPress plugin before 0.9.2 does not sanitize and validate data when generating the CSV to export, which could lead to a CSV injection, by the use of Microsoft Excel DDE function, or to leak data via maliciously injected hyperlinks...
CVE-2022-1539
The Exports and Reports WordPress plugin before 0.9.2 does not sanitize and validate data when generating the CSV to export, which could lead to a CSV injection, by the use of Microsoft Excel DDE function, or to leak data via maliciously injected hyperlinks...
GHSA-P5CH-W78F-XH44 Cross-site scripting in @atlaskit/editor-core
The hyperlinks functionality in atlaskit/editor-core in before version 113.1.5 allows remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting XSS vulnerability in link targets...