Lucene search
K

196 matches found

Veracode
Veracode
added 2023/04/21 10:51 a.m.17 views

Stored Cross-Site Scripting (XSS)

phpmyfaq is vulnerable to Stored Cross-Site Scripting XSS attacks. The library does not properly convert user inputs to HTML entities in the privacyURL of phpmyfaq/contact.php before it output to the front end, allowing an attacker to inject and execute malicious content via infected hyperlinks...

5.4CVSS5.1AI score0.00532EPSS
Exploits1References5Affected Software2
Microsoft KB
Microsoft KB
added 2023/03/14 7:0 a.m.2309 views

March 14, 2023—KB5023702 (OS Build 17763.4131)- EXPIRED

March 14, 2023—KB5023702 OS Build 17763.4131- EXPIRED EXPIRATION NOTICEIMPORTANT As of March 31, 2026, this update is no longer available from the Microsoft Update Catalog or other release channels. We recommend that you update your devices to the latest version of Windows. ​​​​​​​ 11/17/20 For...

9.8CVSS6.9AI score0.78152EPSS
Exploits0
Microsoft KB
Microsoft KB
added 2023/03/14 7:0 a.m.150 views

March 14, 2023—KB5023752 (Security-only update)

March 14, 2023—KB5023752 Security-only update IMPORTANT For Windows Server 2012, the end of support EOS date is October 10, 2023. Extended Security Updates ESUs will be available for purchase no later than October 2022, but available for installation after the EOS date, October 10, 2023. ESUs wil...

9.8CVSS7.3AI score0.4997EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2023/03/03 12:0 a.m.53 views

Jenkins plugins Multiple Vulnerabilities (2022-10-19)

According to their self-reported version numbers, the version of Jenkins plugins running on the remote web server are affected by multiple vulnerabilities: - A sandbox bypass vulnerability involving various casts performed implicitly by the Groovy language runtime in Jenkins Script Security Plugi...

9.9CVSS6.9AI score0.01211EPSS
Exploits0References34
Microsoft KB
Microsoft KB
added 2023/02/21 12:0 a.m.4 views

February 21, 2023—KB5022906 (OS Builds 19042.2673, 19044.2673, and 19045.2673) Preview

February 21, 2023—KB5022906 OS Builds 19042.2673, 19044.2673, and 19045.2673 Preview 1/19/23 IMPORTANT After March 2023, there are no more optional, non-security preview releases for the supported editions of Windows 10, version 20H2 and Windows 10, version 21H2. Only cumulative monthly security...

6.5AI score
Exploits0
Microsoft KB
Microsoft KB
added 2023/02/21 12:0 a.m.7 views

February 21, 2023—KB5022905 (OS Build 22000.1641) Preview

February 21, 2023—KB5022905 OS Build 22000.1641 Preview For information about Windows update terminology, see the article about the types of Windows updates and the monthly quality update types. For an overview of Windows 11, version 21H2, see its update history page.Note Follow @WindowsUpdate to...

6.7AI score
Exploits0
SUSE CVE
SUSE CVE
added 2023/02/15 6:21 a.m.8 views

SUSE CVE-2003-0434

Various PDF viewers including 1 Adobe Acrobat 5.06 and 2 Xpdf 1.01 allow remote attackers to execute arbitrary commands via shell metacharacters in an embedded hyperlink...

7.5CVSS7.8AI score0.40942EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 6:16 a.m.5 views

SUSE CVE-2005-4636

OpenOffice.org 2.0 and earlier, when hyperlinks has been disabled, does not prevent the user from clicking the WWW-browser button in the Hyperlink dialog, which makes it easier for attackers to trick the user into bypassing intended security settings...

4.6CVSS6.7AI score0.00371EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 3:42 a.m.2 views

SUSE CVE-2021-30245

The project received a report that all versions of Apache OpenOffice through 4.1.8 can open non-https hyperlinks. The problem has existed since about 2006 and the issue is also in 4.1.9. If the link is specifically crafted this could lead to untrusted code execution. It is always best practice to...

8.8CVSS8.8AI score0.04942EPSS
Exploits0References3
Huntr
Huntr
added 2023/02/12 6:32 p.m.31 views

Stored XSS edit Config Link

Description Stored Cross-Site Scripting XSS through hyperlinks refers to a type of security vulnerability that occurs when an attacker injects malicious code into a hyperlink, which is then stored in the application's database or web server. When a user clicks on the infected hyperlink, the...

4.9CVSS5.1AI score0.00532EPSS
Exploits1
OSV
OSV
added 2022/10/19 7:0 p.m.29 views

GHSA-64R9-X74Q-WXMH Stored XSS vulnerability in Jenkins Pipeline: Supporting APIs Plugin

Pipeline: Supporting APIs Plugin provides a feature to add hyperlinks, that send POST requests when clicked, to build logs. These links are used by Pipeline: Input Step Plugin to allow users to proceed or abort the build, or by Pipeline: Job Plugin to allow users to forcibly terminate the build...

8CVSS6.5AI score0.00655EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2022/10/19 7:0 p.m.32 views

Stored XSS vulnerability in Jenkins Pipeline: Supporting APIs Plugin

Pipeline: Supporting APIs Plugin provides a feature to add hyperlinks, that send POST requests when clicked, to build logs. These links are used by Pipeline: Input Step Plugin to allow users to proceed or abort the build, or by Pipeline: Job Plugin to allow users to forcibly terminate the build...

5.4CVSS5.7AI score0.00655EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2022/10/19 4:15 p.m.3 views

CVE-2022-43409

Jenkins Pipeline: Supporting APIs Plugin 838.va3a087b4055b and earlier does not sanitize or properly encode URLs of hyperlinks sending POST requests in build logs, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers able to create Pipelines...

5.4CVSS5.7AI score0.00655EPSS
Exploits0References2
Prion
Prion
added 2022/10/19 4:15 p.m.22 views

Cross site scripting

Jenkins Pipeline: Supporting APIs Plugin 838.va3a087b4055b and earlier does not sanitize or properly encode URLs of hyperlinks sending POST requests in build logs, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers able to create Pipelines...

4.9CVSS5.7AI score0.00655EPSS
Exploits0References2
Cvelist
Cvelist
added 2022/10/19 12:0 a.m.36 views

CVE-2022-43409

Jenkins Pipeline: Supporting APIs Plugin 838.va3a087b4055b and earlier does not sanitize or properly encode URLs of hyperlinks sending POST requests in build logs, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers able to create Pipelines...

5.6AI score0.00655EPSS
Exploits0References2
CNNVD
CNNVD
added 2022/10/19 12:0 a.m.7 views

Jenkins Plugin Pipeline: Supporting APIs 跨站脚本漏洞

Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. Jenkins Plugin Pipeline:...

5.4CVSS5.4AI score0.00655EPSS
Exploits0References7
NVD
NVD
added 2022/07/25 1:15 p.m.29 views

CVE-2022-1539

The Exports and Reports WordPress plugin before 0.9.2 does not sanitize and validate data when generating the CSV to export, which could lead to a CSV injection, by the use of Microsoft Excel DDE function, or to leak data via maliciously injected hyperlinks...

8.8CVSS0.01213EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2022/07/25 1:15 p.m.7 views

CVE-2022-1539

The Exports and Reports WordPress plugin before 0.9.2 does not sanitize and validate data when generating the CSV to export, which could lead to a CSV injection, by the use of Microsoft Excel DDE function, or to leak data via maliciously injected hyperlinks...

8.8CVSS7.3AI score0.01213EPSS
Exploits1References2
OSV
OSV
added 2022/07/25 1:15 p.m.6 views

CVE-2022-1539

The Exports and Reports WordPress plugin before 0.9.2 does not sanitize and validate data when generating the CSV to export, which could lead to a CSV injection, by the use of Microsoft Excel DDE function, or to leak data via maliciously injected hyperlinks...

8.8CVSS5.8AI score0.01213EPSS
Exploits1References1
OSV
OSV
added 2022/02/10 8:34 p.m.46 views

GHSA-P5CH-W78F-XH44 Cross-site scripting in @atlaskit/editor-core

The hyperlinks functionality in atlaskit/editor-core in before version 113.1.5 allows remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting XSS vulnerability in link targets...

5.4CVSS5.2AI score0.01126EPSS
Exploits0References5
Rows per page
Query Builder