24 matches found
EUVD-2022-3263
Malicious code in bioql PyPI...
SUSE CVE-2013-5573
Cross-site scripting XSS vulnerability in the default markup formatter in Jenkins 1.523 allows remote attackers to inject arbitrary web script or HTML via the Description field in the user configuration...
GHSA-XQPP-26PP-2365 XSS vulnerability in Jenkins Markdown Formatter Plugin
Jenkins Markdown Formatter Plugin 0.1.0 and earlier uses a Markdown library to parse Markdown that does not escape crafted link target URLs. This results in a stored cross-site scripting XSS vulnerability exploitable by attackers with the ability to edit any description rendered using the...
GHSA-7QF3-C2Q8-69M3 Reflected XSS vulnerability in Jenkins markup formatter preview
Jenkins allows administrators to choose the markup formatter to use for descriptions of jobs, builds, views, etc. displayed in Jenkins. When editing such a description, users can choose to have Jenkins render a formatted preview of the description they entered. Jenkins 2.274 and earlier, LTS...
Reflected XSS vulnerability in Jenkins markup formatter preview
Jenkins allows administrators to choose the markup formatter to use for descriptions of jobs, builds, views, etc. displayed in Jenkins. When editing such a description, users can choose to have Jenkins render a formatted preview of the description they entered. Jenkins 2.274 and earlier, LTS...
Stored XSS vulnerability in Jenkins Active Choices Plugin
Jenkins Active Choices Plugin 2.4 and earlier does not escape the name and description of build parameters. This results in a stored cross-site scripting XSS vulnerability exploitable by attackers with Job/Configure permission. Active Choices Plugin 2.5 escapes the name of build parameters and...
Stored XSS vulnerability in Jenkins Compact Columns Plugin
Compact Columns Plugin 1.11 and earlier displays the unprocessed job description in tooltips. This results in a stored cross-site scripting vulnerability that can be exploited by users with Job/Configure permission. Compact Columns Plugin 1.12 applies the configured markup formatter to the job...
GHSA-52G6-PFRQ-RXFV Jenkins allows Cross-Site Scripting (XSS) in User Configuration
Cross-site scripting XSS vulnerability in the default markup formatter in Jenkins 1.523 allows remote attackers to inject arbitrary web script or HTML via the Description field in the user configuration...
CVE-2021-21660
Jenkins Markdown Formatter Plugin 0.1.0 and earlier does not sanitize crafted link target URLs, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with the ability to edit any description rendered using the configured markup formatter...
jenkins: Reflected XSS vulnerability in markup formatter preview
A flaw was found in jenkins. A cross-site scripting XSS vulnerability is possible due to the lack of restrictions in URL rendering in the formatted previews of markup passed as a query parameter if the configured markup formatter does not prohibit unsafe elements in the markup. The highest threat...
CVE-2021-21610
A flaw was found in jenkins. A cross-site scripting XSS vulnerability is possible due to the lack of restrictions in URL rendering in the formatted previews of markup passed as a query parameter if the configured markup formatter does not prohibit unsafe elements in the markup. The highest threat...
CVE-2021-21610
Jenkins 2.274 and earlier, LTS 2.263.1 and earlier does not implement any restrictions for the URL rendering a formatted preview of markup passed as a query parameter, resulting in a reflected cross-site scripting XSS vulnerability if the configured markup formatter does not prohibit unsafe...
Cross site scripting
Jenkins 2.274 and earlier, LTS 2.263.1 and earlier does not implement any restrictions for the URL rendering a formatted preview of markup passed as a query parameter, resulting in a reflected cross-site scripting XSS vulnerability if the configured markup formatter does not prohibit unsafe...
PT-2020-15519 · Jenkins · Jenkins Active Choices Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Active Choices Plugin versions 2.4 and earlier Description: The issue results in a stored cross-site scripting XSS vulnerability because the name and description of build parameters are not properly escaped. This vulnerability can be...
CVE-2019-10374
A stored cross-site scripting vulnerability in Jenkins PegDown Formatter Plugin 1.3 and earlier allows attackers able to edit descriptions and other fields rendered using the configured markup formatter to insert links with the javascript scheme into the Jenkins UI...
Cross-site Scripting (XSS)
jenkins is vulnerable to cross-site scripting XSS attacks. The vulnerability exists in the default markup formatter in Jenkins 1.523 allows remote attackers to inject arbitrary web script or HTML via the Description field in the user configuration...
Cross site scripting
Cross-site scripting XSS vulnerability in the Extra Columns plugin before 1.17 in Jenkins allows remote attackers to inject arbitrary web script or HTML by leveraging failure to filter tool tips through the configured markup formatter...
CVE-2016-3101
Cross-site scripting XSS vulnerability in the Extra Columns plugin before 1.17 in Jenkins allows remote attackers to inject arbitrary web script or HTML by leveraging failure to filter tool tips through the configured markup formatter...
CVE-2016-3101
Cross-site scripting XSS vulnerability in the Extra Columns plugin before 1.17 in Jenkins allows remote attackers to inject arbitrary web script or HTML by leveraging failure to filter tool tips through the configured markup formatter...
CVE-2016-3101
Cross-site scripting XSS vulnerability in the Extra Columns plugin before 1.17 in Jenkins allows remote attackers to inject arbitrary web script or HTML by leveraging failure to filter tool tips through the configured markup formatter...