14 matches found
EUVD-2019-15048
Malware in sbrugna...
CVE-2019-5466
An IDOR was discovered in GitLab CE/EE 11.5 and later that allowed new merge requests endpoint to disclose label names...
Information disclosure
Affected versions of Atlassian Confluence Server and Data Center allow anonymous remote attackers to view the names of attachments and labels in a private Confluence space. This occurs via an Information Disclosure vulnerability in the macro preview feature. This vulnerability was reported by Roj...
CVE-2023-22503
Affected versions of Atlassian Confluence Server and Data Center allow anonymous remote attackers to view the names of attachments and labels in a private Confluence space. This occurs via an Information Disclosure vulnerability in the macro preview feature. This vulnerability was reported by Roj...
Cross-site Scripting (XSS)
craftcms/cms is vulnerable to Cross-site Scripting XSS. The vulnerability exists due to improper validation of url parameters in label names or instruction of an entry type located in parameter.js, which allows an attacker to inject and execute malicious JavaScript in the victims browser...
PT-2023-2589 · Atlassian · Confluence
Name of the Vulnerable Software and Affected Versions: Atlassian Confluence Server versions prior to 7.13.15 Atlassian Confluence Server versions 7.14.0 through 7.19.7 Atlassian Confluence Server versions 7.20.0 through 8.2.0 Atlassian Confluence Data Center versions prior to 7.13.15 Atlassian...
GHSA-VQWG-4V6F-H6X5 Stored XSS vulnerability in Matrix Project Plugin
Jenkins Matrix Project Plugin prior to 1.20 and 1.18.1 does not escape HTML metacharacters in node and label names, and label descriptions. This results in a stored cross-site scripting XSS vulnerability exploitable by attackers with Agent/Configure permission. Matrix Project Plugin 1.20 and 1.18...
CVE-2022-20615
Jenkins Matrix Project Plugin 1.19 and earlier does not escape HTML metacharacters in node and label names, and label descriptions, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Agent/Configure permission...
CVE-2019-5466
An IDOR was discovered in GitLab CE/EE 11.5 and later that allowed new merge requests endpoint to disclose label names...
CVE-2019-5466
An IDOR was discovered in GitLab CE/EE 11.5 and later that allowed new merge requests endpoint to disclose label names...
CVE-2019-5466
Technical details about CVE-2019-5466 are not publicly provided in the connected documents. Monitor for updates from vendors (GitLab, Red Hat, Ubuntu, Debian, CVE List) for affected versions, impact, and remediation.
CVE-2019-5466
An IDOR was discovered in GitLab CE/EE 11.5 and later that allowed new merge requests endpoint to disclose label names...
CVE-2019-5466
Removed by vendor...
Cross-site Scripting (XSS)
Morris.js is vulnerable to cross-site scripting XSS attacks. These attacks are possible through the hovering label names. These labels aren't escaped so if these labels are attacker controlled, malicious script can be executed client side each time a graph is loaded...