11 matches found
GHSA-JXGR-GCJ5-CQQG nautobot has reflected Cross-site Scripting potential in all object list views
Impact It was discovered that due to improper handling and escaping of user-provided query parameters, a maliciously crafted Nautobot URL could potentially be used to execute a Reflected Cross-Site Scripting Reflected XSS attack against users. All filterable object-list views in Nautobot are...
nautobot has reflected Cross-site Scripting potential in all object list views
Impact It was discovered that due to improper handling and escaping of user-provided query parameters, a maliciously crafted Nautobot URL could potentially be used to execute a Reflected Cross-Site Scripting Reflected XSS attack against users. All filterable object-list views in Nautobot are...
BIT-JENKINS-2022-34173
In Jenkins 2.340 through 2.355 both inclusive the tooltip of the build button in list views supports HTML without escaping the job display name, resulting in a cross-site scripting XSS vulnerability exploitable by attackers with Job/Configure permission...
Cross-site Scripting (XSS)
jenkins is vulnerable to cross-site scripting attacks.The vulnerability exists in the tooltip of the build button in list views which allows an attacker with job/configure permission...
CVE-2022-34173
In Jenkins 2.340 through 2.355 both inclusive the tooltip of the build button in list views supports HTML without escaping the job display name, resulting in a cross-site scripting XSS vulnerability exploitable by attackers with Job/Configure permission...
Cross site scripting
In Jenkins 2.340 through 2.355 both inclusive the tooltip of the build button in list views supports HTML without escaping the job display name, resulting in a cross-site scripting XSS vulnerability exploitable by attackers with Job/Configure permission...
CVE-2022-34173
In Jenkins 2.340 through 2.355 both inclusive the tooltip of the build button in list views supports HTML without escaping the job display name, resulting in a cross-site scripting XSS vulnerability exploitable by attackers with Job/Configure permission...
CVE-2022-34173
In Jenkins 2.340 through 2.355 both inclusive the tooltip of the build button in list views supports HTML without escaping the job display name, resulting in a cross-site scripting XSS vulnerability exploitable by attackers with Job/Configure permission...
PT-2022-22040 · Jenkins · Jenkins
Name of the Vulnerable Software and Affected Versions: Jenkins versions 2.340 through 2.355 Description: The tooltip of the build button in list views supports HTML without escaping the job display name, resulting in a cross-site scripting XSS vulnerability. This issue is exploitable by attackers...
Stored XSS vulnerability in Jenkins Link Column Plugin
Link Column Plugin allows users with View/Configure permission to add a new column to list views that contain a user-configurable link.\n\nLink Column Plugin 1.0 and earlier does not filter the URL for these links, allowing the javascript: scheme. This results in a stored cross-site scripting XSS...
GHSA-Q2MM-W3QC-2936 Stored XSS vulnerability in Jenkins Link Column Plugin
Link Column Plugin allows users with View/Configure permission to add a new column to list views that contain a user-configurable link.\n\nLink Column Plugin 1.0 and earlier does not filter the URL for these links, allowing the javascript: scheme. This results in a stored cross-site scripting XSS...