40 matches found
EUVD-2024-2552
Malicious code in bioql PyPI...
EUVD-2025-0193
Malicious code in bioql PyPI...
EUVD-2023-1764
Malicious code in bioql PyPI...
CVE-2022-34195
Jenkins Repository Connector Plugin 2.2.0 and earlier does not escape the name and description of Maven Repository Artifact parameters on views displaying parameters, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission...
CVE-2025-24355
Updatecli is a tool used to apply file update strategies. Prior to version 0.93.0, private maven repository credentials may be leaked in application logs in case of unsuccessful retrieval operation. During the execution of an updatecli pipeline which contains a maven source configured with basic...
CVE-2025-24355 Updatecli may expose Maven credentials in console output
Updatecli is a tool used to apply file update strategies. Prior to version 0.93.0, private maven repository credentials may be leaked in application logs in case of unsuccessful retrieval operation. During the execution of an updatecli pipeline which contains a maven source configured with basic...
Updatecli 安全漏洞
Updatecli is a declarative dependency management tool from the Updatecli open source. A security vulnerability exists in Updatecli versions prior to 0.93.0, which stems from the fact that private Maven repository credentials may be leaked to application logs if a retrieval operation fails...
CVE-2024-36115 Stored Cross site scripting in Reposilite artifacts
Reposilite is an open source, lightweight and easy-to-use repository manager for Maven based artifacts in JVM ecosystem. As a Maven repository manager, Reposilite provides the ability to view the artifacts content in the browser, as well as perform administrative tasks via API. The problem lies i...
PT-2024-25461 · Unknown · Mvnrepository Ms Basic +1
Name of the Vulnerable Software and Affected Versions: MvnRepository MS Basic versions 2.1.18.3 and earlier Maven net.mingsoft MS Basic versions 2.1.13.4 and earlier Description: The issue is related to a cross-site scripting XSS vulnerability in the search function. This type of vulnerability...
CVE-2023-35144
A flaw was found in the Jenkins Maven Repository Server Plugin, where it is vulnerable to Cross-site scripting caused by the improper validation of user-supplied input. A remote, authenticated attacker could exploit this vulnerability to inject malicious script into a web page, which would be...
Jenkins plugins Multiple Vulnerabilities (2023-06-14)
According to their self-reported version numbers, the version of Jenkins plugins running on the remote web server are affected by multiple vulnerabilities: - Jenkins Checkmarx Plugin 2022.4.3 and earlier disables SSL/TLS validation for connections to the Checkmarx server by default. CVE-2023-3514...
Stored XSS vulnerability in Jenkins Maven Repository Server Plugin
Jenkins Maven Repository Server Plugin 1.10 and earlier does not escape project and build display names on the Build Artifacts As Maven Repository page, resulting in a stored cross-site scripting XSS vulnerability...
CVE-2023-35144
Jenkins Maven Repository Server Plugin 1.10 and earlier does not escape project and build display names on the Build Artifacts As Maven Repository page, resulting in a stored cross-site scripting XSS vulnerability...
CVE-2023-35144
Jenkins Maven Repository Server Plugin 1.10 and earlier does not escape project and build display names on the Build Artifacts As Maven Repository page, resulting in a stored cross-site scripting XSS vulnerability...
CVE-2023-35143
Jenkins Maven Repository Server Plugin 1.10 and earlier does not escape the versions of build artifacts on the Build Artifacts As Maven Repository page, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers able to control maven project versions in pom.xml...
CVE-2023-35143
Jenkins Maven Repository Server Plugin 1.10 and earlier does not escape the versions of build artifacts on the Build Artifacts As Maven Repository page, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers able to control maven project versions in pom.xml...
Cross site scripting
Jenkins Maven Repository Server Plugin 1.10 and earlier does not escape the versions of build artifacts on the Build Artifacts As Maven Repository page, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers able to control maven project versions in pom.xml...
CVE-2023-35144
Jenkins Maven Repository Server Plugin 1.10 and earlier does not escape project and build display names on the Build Artifacts As Maven Repository page, resulting in a stored cross-site scripting XSS vulnerability...
CVE-2023-35144
CVE-2023-35144 affects the Jenkins Maven Repository Server Plugin, versions 1.10 and earlier. The vulnerability arises from improper escaping of project and build display names on the Build Artifacts As Maven Repository page, enabling a stored XSS attack. Impact: attacker-controlled input could e...
CVE-2023-35144
Jenkins Maven Repository Server Plugin 1.10 and earlier does not escape project and build display names on the Build Artifacts As Maven Repository page, resulting in a stored cross-site scripting XSS vulnerability...