NiceGUI 跨站脚本漏洞

NiceGUI is an easy-to-use, Python-based UI framework developed under the open source license. Versions of NiceGUI prior to 3.8.0 contained a cross-site scripting vulnerability. This vulnerability stemmed from the use of eval in multiple client APIs, and incorrect escaping of method names, which...

CVE-2023-28669

Jenkins JaCoCo Plugin 3.3.2 and earlier does not escape class and method names shown on the UI, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers able to control input files for the 'Record JaCoCo coverage report' post-build action...