4 matches found
EUVD-2022-3371
Malicious code in bioql PyPI...
GHSA-9G4M-FFX6-C29G Jenkins Cross-site Scripting vulnerability in project naming strategy
Jenkins 2.251 and earlier, LTS 2.235.3 and earlier does not escape the project naming strategy description, that is displayed on item creation.\n\nThis results in a stored cross-site scripting XSS vulnerability exploitable by users with Overall/Manage permission.\n\nJenkins 2.252, LTS 2.235.4...
PT-2020-15451 · Jenkins · Jenkins
Name of the Vulnerable Software and Affected Versions: Jenkins versions 2.251 and earlier Jenkins LTS versions 2.235.3 and earlier Description: The issue results in a stored cross-site scripting XSS vulnerability. This occurs because the project naming strategy description is not properly escaped...
CVE-2014-3416
uPortal before 4.0.13.1 does not properly check the MANAGE permissions, which allows remote authenticated users to manage arbitrary portlets by leveraging the SUBSCRIBE permission for the portlet-admin portlet...