4026 matches found
Jenkins Nested View Plugin Cross-Site Scripting Vulnerability
Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is an application. Jenkins Plugin is an application that provides hundreds of plugins to support building, deploying, and automating any project. An attacker could exploit this vulnerability to perform cross-site scripting...
CVE-2022-34182
Jenkins Nested View Plugin 1.20 through 1.25 both inclusive does not escape search parameters, resulting in a reflected cross-site scripting XSS vulnerability...
CVE-2022-34182
Jenkins Nested View Plugin 1.20 through 1.25 both inclusive does not escape search parameters, resulting in a reflected cross-site scripting XSS vulnerability...
CVE-2022-34182
Jenkins Nested View Plugin 1.20 through 1.25 both inclusive does not escape search parameters, resulting in a reflected cross-site scripting XSS vulnerability...
Cross site scripting
Jenkins Nested View Plugin 1.20 through 1.25 both inclusive does not escape search parameters, resulting in a reflected cross-site scripting XSS vulnerability...
jackson-databind: denial of service via a large depth of nested objects
A flaw was found in the Jackson Databind package. This cause of the issue is due to a Java StackOverflow exception and a denial of service via a significant depth of nested objects...
CVE-2022-34182
CVE-2022-34182 affects Jenkins Nested View Plugin, versions 1.20–1.25. The vulnerability is a reflected cross-site scripting (XSS) due to the plugin not escaping search parameters in user input. The issue is addressed in version 1.26, which escapes search parameters. Therefore, upgrading to 1.26+...
CVE-2022-34182
Jenkins Nested View Plugin 1.20 through 1.25 both inclusive does not escape search parameters, resulting in a reflected cross-site scripting XSS vulnerability...
Jenkins Plugin Nested View 跨站脚本漏洞
Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is an application. Jenkins Plugin is an application that provides hundreds of plugins to support building, deploying, and automating any project. An attacker could exploit this vulnerability to perform cross-site scripting...
PT-2022-22050 · Jenkins · Jenkins Nested View Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Nested View Plugin versions 1.20 through 1.25 Description: The issue is related to a reflected cross-site scripting XSS vulnerability. This occurs because the plugin does not escape search parameters. No information is provided about...
Stack overflow in rustc_serialize when parsing deeply nested JSON
When parsing JSON using json::Json::fromstr, there is no limit to the depth of the stack, therefore deeply nested objects can cause a stack overflow, which aborts the process. Example code that triggers the vulnerability is rust fn main let = rustcserialize::json::Json::fromstr&"0,".repeat10000;...
Framework: Data Binding Rules Vulnerability
In Spring Framework versions 5.3.0 - 5.3.18, 5.2.0 - 5.2.20, and older unsupported versions, the patterns for disallowedFields on a DataBinder are case sensitive which means a field is not effectively protected unless it is listed with both upper and lower case for the first character of the fiel...
jackson-databind: denial of service via a large depth of nested objects
A flaw was found in the Jackson Databind package. This cause of the issue is due to a Java StackOverflow exception and a denial of service via a significant depth of nested objects...
CVE-2022-20154
In locksocknested of sock.c, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID:...
jackson-databind: denial of service via a large depth of nested objects
A flaw was found in the Jackson Databind package. This cause of the issue is due to a Java StackOverflow exception and a denial of service via a significant depth of nested objects...
jackson-databind: denial of service via a large depth of nested objects
A flaw was found in the Jackson Databind package. This cause of the issue is due to a Java StackOverflow exception and a denial of service via a significant depth of nested objects...
jackson-databind: denial of service via a large depth of nested objects
A flaw was found in the Jackson Databind package. This cause of the issue is due to a Java StackOverflow exception and a denial of service via a significant depth of nested objects...
WordPress Nested Pages plugin <= 3.1.20 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting XSS vulnerability discovered by Sachin Bahl eSec Forte Technologies Pvt Ltd in WordPress Nested Pages plugin versions = 3.1.20. Solution Update the WordPress Nested Pages plugin to the latest available version at least 3.1.21...
Nested Pages < 3.1.21 - Admin+ Stored Cross Site Scripting
The plugin does not escape and sanitize the some of its settings, which could allow high privilege users to perform Stored Cross-Site Scripting attacks when the unfilteredhtml is disallowed Put the following payload on the "Menu Name" settings of the plugin: "onmouseover=alert"XSS"//...
GHSA-V8X6-59G4-5G3W Denial of service binding form from JSON in Play Framework
Impact A denial-of-service vulnerability has been discovered in Play's forms library, in both the Scala and Java APIs. This can occur when using either the FormbindFromRequest method on a JSON request body or the Formbind method directly on a JSON value. If the JSON data being bound to the form...