9 matches found
EUVD-2022-3417
Malicious code in bioql PyPI...
CVE-2023-28679
Jenkins Mashup Portlets Plugin 1.1.2 and earlier provides the "Generic JS Portlet" feature that lets a user populate a portlet using a custom JavaScript expression, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by authenticated attackers with Overall/Read permission...
Cross site scripting
Jenkins Mashup Portlets Plugin 1.1.2 and earlier provides the "Generic JS Portlet" feature that lets a user populate a portlet using a custom JavaScript expression, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by authenticated attackers with Overall/Read permission...
CVE-2023-28679
Jenkins Mashup Portlets Plugin 1.1.2 and earlier provides the "Generic JS Portlet" feature that lets a user populate a portlet using a custom JavaScript expression, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by authenticated attackers with Overall/Read permission...
CVE-2023-28679
Jenkins Mashup Portlets Plugin 1.1.2 and earlier provides the "Generic JS Portlet" feature that lets a user populate a portlet using a custom JavaScript expression, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by authenticated attackers with Overall/Read permission...
CVE-2023-28679
Summary: CVE-2023-28679 affects Jenkins Mashup Portlets Plugin (versions ≤ 1.1.2). The vulnerability is a stored cross-site scripting (XSS) flaw introduced by the Generic JS Portlet feature, which allows a user to populate a portlet with a custom JavaScript expression. The issue can be exploited ...
Unspecified Vulnerability in CloudBees Jenkins Mashup Portlets Plugin
CloudBees Jenkins Hudson Labs is a set of Java-based continuous integration tools developed by CloudBees of the United States. The product is mainly used to monitor continuous software release/testing projects and to run some scheduled tasks. Mashup Portlets Plugin is used ...
CVE-2019-10347
The CVE-2019-10347 issue affects the Jenkins Mashup Portlets Plugin (e.g., CloudBees Jenkins Mashup Portlets) where credentials are stored in plaintext on the Jenkins master filesystem. Root cause per sources is unencrypted credential storage that allows users with master-file-system access to vi...
PT-2019-11746 · Jenkins · Jenkins Mashup Portlets Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Mashup Portlets Plugin (affected versions not specified). Description: The issue concerns the storage of credentials in an unencrypted manner on the Jenkins master, making them accessible to users with file system access. Recommendations...