Lucene search
K

291 matches found

Patchstack
Patchstack
added 2023/07/04 12:0 a.m.16 views

WordPress ND Shortcodes For Visual Composer Plugin < 7.0 is vulnerable to Cross Site Scripting (XSS)

Software ND Shortcodes For Visual Composer Type Plugin Vulnerable versions 7.0 Fixed in 7.0 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2022-4623 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID dd667622b492 Credits István Márto...

5.4CVSS5.7AI score0.00444EPSS
Exploits2References3Affected Software1
Patchstack
Patchstack
added 2023/06/22 12:0 a.m.11 views

WordPress ND Shortcodes For Visual Composer Plugin < 7.0 is vulnerable to Local File Inclusion

Software ND Shortcodes For Visual Composer Type Plugin Vulnerable versions 7.0 Fixed in 7.0 OWASP Top 10 A1: Injection Classification Local File Inclusion CVE CVE-2023-1273 Patch priority High CVSS severity High 7.1 Developer Claim ownership PSID 0d5d6aec821b Credits Erwan LR WPScan Required...

8.8CVSS6.8AI score0.01683EPSS
Exploits2References3Affected Software1
Openbugbounty
Openbugbounty
added 2023/06/21 3:38 p.m.15 views

nd-skoda-volkswagen.cz Cross Site Scripting vulnerability OBB-3454220

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

6.1AI score
Exploits0
wpexploit
wpexploit
added 2023/06/12 12:0 a.m.166 views

ND Shortcodes < 7.0 - Subscriber+ LFI

The plugin does not validate some shortcode attributes before using them to generate paths passed to include function/s, allowing any authenticated users such as subscriber to perform LFI attacks Run the below command in the developer console of the web browser while being on the blog as a...

8.8CVSS8.5AI score0.01683EPSS
Exploits2
Openbugbounty
Openbugbounty
added 2023/06/07 4:26 a.m.5 views

nd-skoda-volkswagen.cz Cross Site Scripting vulnerability OBB-3401332

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

6.1AI score
Exploits0
Openbugbounty
Openbugbounty
added 2023/06/02 9:32 a.m.8 views

nd-skoda-volkswagen.cz Cross Site Scripting vulnerability OBB-3374357

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

6.1AI score
Exploits0
OSV
OSV
added 2023/05/16 6:30 p.m.17 views

GHSA-GQXR-HVRW-6HFH Jenkins NS-ND Integration Performance Publisher Plugin displays credentials without masking

Jenkins NS-ND Integration Performance Publisher Plugin stores credentials in job config.xml files on the Jenkins controller as part of its configuration. While these credentials are stored encrypted on disk, in NS-ND Integration Performance Publisher Plugin 4.8.0.149 and earlier, the job...

3.1CVSS7.6AI score0.00569EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2023/05/16 6:30 p.m.23 views

Jenkins NS-ND Integration Performance Publisher Plugin displays credentials without masking

Jenkins NS-ND Integration Performance Publisher Plugin stores credentials in job config.xml files on the Jenkins controller as part of its configuration. While these credentials are stored encrypted on disk, in NS-ND Integration Performance Publisher Plugin 4.8.0.149 and earlier, the job...

7.5CVSS6.6AI score0.00569EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2023/05/16 5:15 p.m.37 views

CVE-2023-33000

Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.149 and earlier does not mask credentials displayed on the configuration form, increasing the potential for attackers to observe and capture them...

7.5CVSS7.5AI score0.00569EPSS
Exploits0References1
CVE
CVE
added 2023/05/16 4:0 p.m.68 views

CVE-2023-33000

CVE-2023-33000 affects Jenkins NS-ND Integration Performance Publisher Plugin. Versions up to 4.8.0.149 do not mask credentials in the configuration form, enabling observers to see them. The issue, with a high confidentiality impact (CVSS 3.1: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N), is mitigated in...

7.5CVSS7.5AI score0.00569EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2023/05/16 12:0 a.m.8 views

Jenkins NS-ND Integration Performance Publisher Plugin 安全漏洞

Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. A security vulnerability...

7.5CVSS7.3AI score0.00569EPSS
Exploits0References4
Openbugbounty
Openbugbounty
added 2023/04/04 4:34 p.m.16 views

nd-skoda-volkswagen.cz Cross Site Scripting vulnerability OBB-3247471

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

5.9AI score
Exploits0
OSV
OSV
added 2023/01/13 12:15 a.m.4 views

CVE-2023-22391

A vulnerability in class-of-service CoS queue management in Juniper Networks Junos OS on the ACX2K Series devices allows an unauthenticated network-based attacker to cause a Denial of Service DoS. Specific packets are being incorrectly routed to a queue used for other high-priority traffic such a...

7.5CVSS7.1AI score0.00616EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2022/11/16 12:0 p.m.23 views

Plaintext Storage of a Password in Jenkins NS-ND Integration Performance Publisher Plugin

NS-ND Integration Performance Publisher Plugin 4.8.0.143 and earlier stores passwords unencrypted in job config.xml files on the Jenkins controller as part of its configuration. These passwords can be viewed by attackers with Item/Extended Read permission or access to the Jenkins controller file...

6.5CVSS6.5AI score0.00636EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2022/11/16 12:0 p.m.33 views

GHSA-VJ5R-MMP4-3HRX SSL/TLS certificate validation unconditionally disabled by Jenkins NS-ND Integration Performance Publisher Plugin

Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.146 and earlier unconditionally disables SSL/TLS certificate and hostname validation for several features. Currently, there are no known workarounds or patches...

5.9CVSS7.6AI score0.00396EPSS
Exploits0References4
NVD
NVD
added 2022/11/15 8:15 p.m.29 views

CVE-2022-45391

Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.143 and earlier globally and unconditionally disables SSL/TLS certificate and hostname validation for the entire Jenkins controller JVM...

7.5CVSS0.00396EPSS
Exploits0References2
NVD
NVD
added 2022/11/15 8:15 p.m.27 views

CVE-2022-45392

Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.143 and earlier stores passwords unencrypted in job config.xml files on the Jenkins controller where they can be viewed by attackers with Extended Read permission, or access to the Jenkins controller file system...

6.5CVSS0.00636EPSS
Exploits0References2
OSV
OSV
added 2022/11/15 8:15 p.m.5 views

CVE-2022-45392

Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.143 and earlier stores passwords unencrypted in job config.xml files on the Jenkins controller where they can be viewed by attackers with Extended Read permission, or access to the Jenkins controller file system...

6.5CVSS5.8AI score
Exploits0References2
NVD
NVD
added 2022/11/15 8:15 p.m.44 views

CVE-2022-38666

Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.146 and earlier unconditionally disables SSL/TLS certificate and hostname validation for several features...

7.5CVSS0.00396EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2022/11/15 12:0 a.m.5 views

PT-2022-27493 · Jenkins · Jenkins Ns-Nd Integration Performance Publisher Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins NS-ND Integration Performance Publisher Plugin versions 4.8.0.143 and earlier Description: The issue concerns the global and unconditional disabling of SSL/TLS certificate and hostname validation for the entire Jenkins controller JVM...

7.5CVSS7.4AI score0.00396EPSS
Exploits0References8
Rows per page
Query Builder