The vulnerability of the Jenkins automation server arises from improper handling of input during the creation of web pages. This allows attackers to carry out attacks using XSS techniques, with the ability to manipulate files in the working areas.

The vulnerability of the Jenkins automation server relates to the absence of a protection mechanism for the value of the “caption” parameter in the ExpandableDetailsNote configuration. Exploiting this vulnerability allows an attacker to carry out attacks using XSS techniques, with the ability to...

Mail.ru: api.icq.com / отсутсвие лимита на отправку сообщений удаляя параметр защиты "&r"

Researcher reported removing r= parameter from request allows to bypass rate limits. This claim was not confirmed, r= paramter protects message from intermediate caching and prevents sending the same message twice in the case of network failure, it does not affect any ratelimits, no security...