Lucene search
K

79 matches found

OSV
OSV
added 2023/04/02 9:30 p.m.20 views

GHSA-H9H3-JX58-6HQQ Jenkins Mashup Portlets Plugin vulnerable to stored cross-site scripting

Jenkins Mashup Portlets Plugin 1.1.2 and earlier provides the "Generic JS Portlet" feature that lets a user populate a portlet using a custom JavaScript expression. This results in a stored cross-site scripting XSS vulnerability exploitable by authenticated attackers with Overall/Read permission...

8CVSS5.3AI score0.00571EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2023/04/02 9:30 p.m.50 views

Jenkins Mashup Portlets Plugin vulnerable to stored cross-site scripting

Jenkins Mashup Portlets Plugin 1.1.2 and earlier provides the "Generic JS Portlet" feature that lets a user populate a portlet using a custom JavaScript expression. This results in a stored cross-site scripting XSS vulnerability exploitable by authenticated attackers with Overall/Read permission...

5.4CVSS5.2AI score0.00571EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2023/04/02 9:15 p.m.20 views

CVE-2023-28679

Jenkins Mashup Portlets Plugin 1.1.2 and earlier provides the "Generic JS Portlet" feature that lets a user populate a portlet using a custom JavaScript expression, resulting in a stored cross-site scripting XSS vulnerability exploitable by authenticated attackers with Overall/Read permission...

5.4CVSS5.9AI score0.00571EPSS
Exploits0References1
OSV
OSV
added 2023/04/02 9:15 p.m.12 views

CVE-2023-28679

Jenkins Mashup Portlets Plugin 1.1.2 and earlier provides the "Generic JS Portlet" feature that lets a user populate a portlet using a custom JavaScript expression, resulting in a stored cross-site scripting XSS vulnerability exploitable by authenticated attackers with Overall/Read permission...

5.4CVSS5.4AI score
Exploits0References1
Prion
Prion
added 2023/04/02 9:15 p.m.11 views

Cross site scripting

Jenkins Mashup Portlets Plugin 1.1.2 and earlier provides the "Generic JS Portlet" feature that lets a user populate a portlet using a custom JavaScript expression, resulting in a stored cross-site scripting XSS vulnerability exploitable by authenticated attackers with Overall/Read permission...

4.9CVSS5.2AI score0.00571EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2023/03/23 11:26 a.m.6 views

CVE-2023-28679

Jenkins Mashup Portlets Plugin 1.1.2 and earlier provides the "Generic JS Portlet" feature that lets a user populate a portlet using a custom JavaScript expression, resulting in a stored cross-site scripting XSS vulnerability exploitable by authenticated attackers with Overall/Read permission...

5.2AI score0.00571EPSS
Exploits0References1
CVE
CVE
added 2023/03/23 11:26 a.m.253 views

CVE-2023-28679

Summary: CVE-2023-28679 affects Jenkins Mashup Portlets Plugin (versions ≤ 1.1.2). The vulnerability is a stored cross-site scripting (XSS) flaw introduced by the Generic JS Portlet feature, which allows a user to populate a portlet with a custom JavaScript expression. The issue can be exploited ...

5.4CVSS5.1AI score0.00571EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2023/03/23 11:26 a.m.23 views

CVE-2023-28679

Jenkins Mashup Portlets Plugin 1.1.2 and earlier provides the "Generic JS Portlet" feature that lets a user populate a portlet using a custom JavaScript expression, resulting in a stored cross-site scripting XSS vulnerability exploitable by authenticated attackers with Overall/Read permission...

5.6AI score0.00571EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2023/03/23 12:0 a.m.7 views

PT-2023-21898 · Jenkins · Jenkins Mashup Portlets Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Mashup Portlets Plugin versions 1.1.2 and earlier Description: The issue is related to the "Generic JS Portlet" feature, which allows users to populate a portlet using a custom JavaScript expression. This results in a stored cross-sit...

5.4CVSS5AI score0.00571EPSS
Exploits0References5
OSV
OSV
added 2022/05/24 4:50 p.m.8 views

GHSA-9P5V-6P5F-F28H Stored credentials unencrypted in Jenkins Mashup Portlets Plugin

Jenkins Mashup Portlets Plugin stored credentials unencrypted on the Jenkins master where they can be viewed by users with access to the master file system...

8.8CVSS8.7AI score0.01832EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2021/06/16 5:24 p.m.60 views

Cross-site Scripting in Jenkins Dashboard View Plugin

Jenkins Dashboard View Plugin prior to 2.16 and 2.12.1 does not escape URLs referenced in Image Dashboard Portlets, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with View/Configure permission. As part of this fix, the property for image URLs was changed fr...

5.4CVSS4.9AI score0.72678EPSS
Exploits0References5Affected Software1
NVD
NVD
added 2021/05/11 3:15 p.m.52 views

CVE-2021-21649

Jenkins Dashboard View Plugin 2.15 and earlier does not escape URLs referenced in Image Dashboard Portlets, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with View/Configure permission...

5.4CVSS0.72678EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2021/05/11 12:0 a.m.5 views

PT-2021-14692 · Jenkins · Jenkins Dashboard View Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Dashboard View Plugin versions 2.15 and earlier Jenkins Dashboard View Plugin versions prior to 2.16 Jenkins Dashboard View Plugin version 2.12.1 and earlier Description: The issue is related to a stored cross-site scripting XSS...

5.4CVSS5.1AI score0.72678EPSS
Exploits0References7
vulnersOsv
vulnersOsv
added 2021/04/07 9:14 p.m.5 views

plone-app-portlets (>=5.0.0a3 <=5.0.0a4) potentially affected by CVE-2020-28736 via plone-app-event (=3.2.1)

plone-app-event PYPI version =3.2.1 is affected by a known vulnerability. The following packages have a transitive dependency on plone-app-event and may be impacted: - plone-app-portlets =5.0.0a3, =5.0.0a4 Source cves: CVE-2020-28736 Source advisory: OSV:GHSA-2C8C-84W2-J38J...

8.8CVSS7.2AI score0.01066EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2021/04/07 9:13 p.m.5 views

plone-app-portlets (>=5.0.0a3 <=5.0.0a4) potentially affected by CVE-2020-28735 via plone-app-event (=3.2.1)

plone-app-event PYPI version =3.2.1 is affected by a known vulnerability. The following packages have a transitive dependency on plone-app-event and may be impacted: - plone-app-portlets =5.0.0a3, =5.0.0a4 Source cves: CVE-2020-28735 Source advisory: OSV:GHSA-X7WF-5MJC-6X76...

8.8CVSS7.2AI score0.01066EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2021/04/07 9:13 p.m.3 views

plone-app-portlets (>=5.0.0a3 <=5.0.0a4) potentially affected by CVE-2020-28734 via plone-app-event (=3.2.1)

plone-app-event PYPI version =3.2.1 is affected by a known vulnerability. The following packages have a transitive dependency on plone-app-event and may be impacted: - plone-app-portlets =5.0.0a3, =5.0.0a4 Source cves: CVE-2020-28734 Source advisory: OSV:GHSA-WQ6X-G685-W5F2...

8.8CVSS7.2AI score0.01066EPSS
Exploits0
OSV
OSV
added 2021/02/02 9:15 p.m.3 views

CVE-2020-4081

In Digital Experience 8.5, 9.0, and 9.5, WSRP consumer is vulnerable to cross-site scripting XSS...

6.1CVSS5.7AI score0.00634EPSS
Exploits0References1
CNVD
CNVD
added 2019/07/15 12:0 a.m.35 views

Unspecified Vulnerability in CloudBees Jenkins Mashup Portlets Plugin

CloudBees Jenkins Hudson Labs is a set of Java-based development of the United States CloudBees continuous integration tools. The product is mainly used to monitor the continuous software version of the release/testing project and some timed execution of the task . Mashup Portlets Plugin is used ...

8.8CVSS6.9AI score0.01832EPSS
Exploits0References1
CVE
CVE
added 2019/07/11 1:55 p.m.50 views

CVE-2019-10347

The CVE-2019-10347 issue affects the Jenkins Mashup Portlets Plugin (e.g., CloudBees Jenkins Mashup Portlets) where credentials are stored in plaintext on the Jenkins master filesystem. Root cause per sources is unencrypted credential storage that allows users with master-file-system access to vi...

8.8CVSS8.6AI score0.01832EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2019/07/11 1:55 p.m.20 views

CVE-2019-10347

Jenkins Mashup Portlets Plugin stored credentials unencrypted on the Jenkins master where they can be viewed by users with access to the master file system...

8.7AI score0.01832EPSS
Exploits0References3
Rows per page
Query Builder