CloudBees Jenkins chosen-views-tabbar Plugin Cross-Site Scripting Vulnerability
CloudBees Jenkins Hudson Labs is a set of Java-based continuous integration tools developed by CloudBees, a United States company. The product is mainly used to monitor continuous software release/testing projects and some scheduled tasks. A cross-site scripting...
CloudBees Jenkins Cross-Site Scripting Vulnerability (CNVD-2020-52608)
CloudBees Jenkins Hudson Labs is a set of Java-based continuous integration tools developed by CloudBees, a United States company. The product is mainly used to monitor continuous software release/testing projects and some scheduled tasks. Jenkins Custom Job Icon plugi...
PT-2020-15495 · Jenkins · Jenkins Clearcase Release Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins ClearCase Release Plugin version 0.3 and earlier. Description: The issue is related to a stored cross-site scripting (XSS) vulnerability. It occurs because the composite baseline in the badge tooltip is not properly escaped, allowing...
PT-2020-15487 · Jenkins · Jenkins Android Lint Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Android Lint Plugin versions 2.6 and earlier. Description: The issue is related to a stored cross-site scripting (XSS) vulnerability. It occurs because the plugin does not escape the annotation message in tooltips. This can be exploited ...
CloudBees Jenkins XXE Vulnerability (CNVD-2020-50958)
CloudBees Jenkins Hudson Labs is a set of Java-based continuous integration tools developed by CloudBees, a United States company. The product is mainly used to monitor continuous software release/testing projects and some scheduled tasks. An XXE vulnerability exists in...
CloudBees Jenkins Information Disclosure Vulnerability (CNVD-2020-51391)
CloudBees Jenkins Hudson Labs is a set of Java-based continuous integration tools developed by CloudBees, a United States company. The product is mainly used to monitor continuous software release/testing projects and some scheduled tasks. LTS is a long-term support for...
CVE-2020-24314
Fahad Mahmood RSS Feed Widget Plugin v2.7.9 and lower does not sanitize the value of the "t" GET parameter before echoing it back out inside an input tag. This results in a reflected XSS vulnerability that attackers can exploit with a specially crafted URL...
WordPress Responsive Lightbox2 1.0.2 Cross Site Scripting
Exploit Title: WordPress Responsive Lightbox2 Plugin v1.0.2 - Persistent Cross-Site Scripting Date: 2020-08-14 Vendor Homepage: https://noorsplugin.com/ Vendor Changelog: https://wordpress.org/plugins/responsive-lightbox2/developers Exploit Author: Melbin K Mathew @melbinkm Author Advisory:...
PT-2020-5832 · Jenkins · Jenkins Flaky Test Handler Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Flaky Test Handler Plugin versions 1.0.4 and earlier. Description: The issue is related to a cross-site request forgery (CSRF) vulnerability in the "Deflake this build" feature of the Jenkins Flaky Test Handler Plugin. This vulnerability...
PT-2020-15453 · Jenkins · Jenkins Email Extension Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Email Extension Plugin versions 2.72 through 2.73. Description: The issue concerns the transmission and display of the SMTP password in plain text as part of the global Jenkins configuration form, potentially resulting in its exposure...
jenkins-credentials-binding-plugin: improper masking of secrets
Jenkins Credentials Binding Plugin 1.22 and earlier does not mask (i.e., replace with asterisks) secrets containing a $ character in some circumstances...
PT-2020-15416 · Jenkins · Jenkins Fortify On Demand Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Fortify on Demand Plugin versions 6.0.0 and earlier. Description: A missing permission check in form-related methods of the Jenkins Fortify on Demand Plugin allowed users with Overall/Read access to enumerate credentials ID of...
PT-2020-12810 · Algolplus · Algolplus Advanced Order Export For Woocommerce
Name of the Vulnerable Software and Affected Versions: AlgolPlus Advanced Order Export For WooCommerce plugin version 3.1.3. Description: A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via the woe post type parameter in the "view/settings-form.php"...
CVE-2020-8435
An issue was discovered in the RegistrationMagic plugin 4.6.0.0 for WordPress. There is SQL injection via the rmanalyticsshowform rmformid parameter...
PT-2020-15341 · Jenkins · Jenkins Parasoft Environment Manager Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Parasoft Environment Manager Plugin versions 2.14 and earlier. Description: The issue allows unauthorized access to unencrypted passwords stored in job config.xml files on the Jenkins master. Users with Extended Read permission or acce...
VulnCheck KEV: CVE-2019-1003000
A sandbox bypass vulnerability exists in Script Security Plugin 1.49 and earlier in src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/GroovySandbox.java that allows attackers with the ability to provide sandboxed scripts to execute arbitrary code on the Jenkins master JVM...
Exploit for Improper Certificate Validation in Microsoft
It is an offensive tool for network detection, specifically a Ze...
CVE-2019-20204
The Postie plugin 1.9.40 for WordPress allows XSS, as demonstrated by a certain payload with jaVasCript:/ at the beginning and a crafted SVG element...
CloudBees Jenkins Alauda Kubernetes Suport plugin cross-site request forgery vulnerability
CloudBees Jenkins Hudson Labs is a set of Java-based continuous integration tools developed by CloudBees, a United States company. The product is mainly used to monitor continuous software release/testing projects and some scheduled tasks. A cross-site request forgery...
jenkins-script-security-plugin: handling of property names in property expressions in increment and decrement expressions allowed attackers to execute arbitrary code in sandboxed scripts
A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.62 and earlier related to the handling of property names in property expressions in increment and decrement expressions allowed attackers to execute arbitrary code in sandboxed scripts...