291 matches found
WordPress ND Shortcodes For Visual Composer Plugin < 7.0 is vulnerable to Cross Site Scripting (XSS)
Software ND Shortcodes For Visual Composer Type Plugin Vulnerable versions 7.0 Fixed in 7.0 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2022-4623 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID dd667622b492 Credits István Márto...
WordPress ND Shortcodes For Visual Composer Plugin < 7.0 is vulnerable to Local File Inclusion
Software ND Shortcodes For Visual Composer Type Plugin Vulnerable versions 7.0 Fixed in 7.0 OWASP Top 10 A1: Injection Classification Local File Inclusion CVE CVE-2023-1273 Patch priority High CVSS severity High 7.1 Developer Claim ownership PSID 0d5d6aec821b Credits Erwan LR WPScan Required...
nd-skoda-volkswagen.cz Cross Site Scripting vulnerability OBB-3454220
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
ND Shortcodes < 7.0 - Subscriber+ LFI
The plugin does not validate some shortcode attributes before using them to generate paths passed to include function/s, allowing any authenticated users such as subscriber to perform LFI attacks Run the below command in the developer console of the web browser while being on the blog as a...
nd-skoda-volkswagen.cz Cross Site Scripting vulnerability OBB-3401332
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
nd-skoda-volkswagen.cz Cross Site Scripting vulnerability OBB-3374357
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
GHSA-GQXR-HVRW-6HFH Jenkins NS-ND Integration Performance Publisher Plugin displays credentials without masking
Jenkins NS-ND Integration Performance Publisher Plugin stores credentials in job config.xml files on the Jenkins controller as part of its configuration. While these credentials are stored encrypted on disk, in NS-ND Integration Performance Publisher Plugin 4.8.0.149 and earlier, the job...
Jenkins NS-ND Integration Performance Publisher Plugin displays credentials without masking
Jenkins NS-ND Integration Performance Publisher Plugin stores credentials in job config.xml files on the Jenkins controller as part of its configuration. While these credentials are stored encrypted on disk, in NS-ND Integration Performance Publisher Plugin 4.8.0.149 and earlier, the job...
CVE-2023-33000
Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.149 and earlier does not mask credentials displayed on the configuration form, increasing the potential for attackers to observe and capture them...
CVE-2023-33000
CVE-2023-33000 affects Jenkins NS-ND Integration Performance Publisher Plugin. Versions up to 4.8.0.149 do not mask credentials in the configuration form, enabling observers to see them. The issue, with a high confidentiality impact (CVSS 3.1: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N), is mitigated in...
Jenkins NS-ND Integration Performance Publisher Plugin 安全漏洞
Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. A security vulnerability...
nd-skoda-volkswagen.cz Cross Site Scripting vulnerability OBB-3247471
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
CVE-2023-22391
A vulnerability in class-of-service CoS queue management in Juniper Networks Junos OS on the ACX2K Series devices allows an unauthenticated network-based attacker to cause a Denial of Service DoS. Specific packets are being incorrectly routed to a queue used for other high-priority traffic such a...
Plaintext Storage of a Password in Jenkins NS-ND Integration Performance Publisher Plugin
NS-ND Integration Performance Publisher Plugin 4.8.0.143 and earlier stores passwords unencrypted in job config.xml files on the Jenkins controller as part of its configuration. These passwords can be viewed by attackers with Item/Extended Read permission or access to the Jenkins controller file...
GHSA-VJ5R-MMP4-3HRX SSL/TLS certificate validation unconditionally disabled by Jenkins NS-ND Integration Performance Publisher Plugin
Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.146 and earlier unconditionally disables SSL/TLS certificate and hostname validation for several features. Currently, there are no known workarounds or patches...
CVE-2022-45391
Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.143 and earlier globally and unconditionally disables SSL/TLS certificate and hostname validation for the entire Jenkins controller JVM...
CVE-2022-45392
Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.143 and earlier stores passwords unencrypted in job config.xml files on the Jenkins controller where they can be viewed by attackers with Extended Read permission, or access to the Jenkins controller file system...
CVE-2022-45392
Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.143 and earlier stores passwords unencrypted in job config.xml files on the Jenkins controller where they can be viewed by attackers with Extended Read permission, or access to the Jenkins controller file system...
CVE-2022-38666
Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.146 and earlier unconditionally disables SSL/TLS certificate and hostname validation for several features...
PT-2022-27493 · Jenkins · Jenkins Ns-Nd Integration Performance Publisher Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins NS-ND Integration Performance Publisher Plugin versions 4.8.0.143 and earlier Description: The issue concerns the global and unconditional disabling of SSL/TLS certificate and hostname validation for the entire Jenkins controller JVM...