79 matches found
GHSA-H9H3-JX58-6HQQ Jenkins Mashup Portlets Plugin vulnerable to stored cross-site scripting
Jenkins Mashup Portlets Plugin 1.1.2 and earlier provides the "Generic JS Portlet" feature that lets a user populate a portlet using a custom JavaScript expression. This results in a stored cross-site scripting XSS vulnerability exploitable by authenticated attackers with Overall/Read permission...
Jenkins Mashup Portlets Plugin vulnerable to stored cross-site scripting
Jenkins Mashup Portlets Plugin 1.1.2 and earlier provides the "Generic JS Portlet" feature that lets a user populate a portlet using a custom JavaScript expression. This results in a stored cross-site scripting XSS vulnerability exploitable by authenticated attackers with Overall/Read permission...
CVE-2023-28679
Jenkins Mashup Portlets Plugin 1.1.2 and earlier provides the "Generic JS Portlet" feature that lets a user populate a portlet using a custom JavaScript expression, resulting in a stored cross-site scripting XSS vulnerability exploitable by authenticated attackers with Overall/Read permission...
CVE-2023-28679
Jenkins Mashup Portlets Plugin 1.1.2 and earlier provides the "Generic JS Portlet" feature that lets a user populate a portlet using a custom JavaScript expression, resulting in a stored cross-site scripting XSS vulnerability exploitable by authenticated attackers with Overall/Read permission...
Cross site scripting
Jenkins Mashup Portlets Plugin 1.1.2 and earlier provides the "Generic JS Portlet" feature that lets a user populate a portlet using a custom JavaScript expression, resulting in a stored cross-site scripting XSS vulnerability exploitable by authenticated attackers with Overall/Read permission...
CVE-2023-28679
Jenkins Mashup Portlets Plugin 1.1.2 and earlier provides the "Generic JS Portlet" feature that lets a user populate a portlet using a custom JavaScript expression, resulting in a stored cross-site scripting XSS vulnerability exploitable by authenticated attackers with Overall/Read permission...
CVE-2023-28679
Summary: CVE-2023-28679 affects Jenkins Mashup Portlets Plugin (versions ≤ 1.1.2). The vulnerability is a stored cross-site scripting (XSS) flaw introduced by the Generic JS Portlet feature, which allows a user to populate a portlet with a custom JavaScript expression. The issue can be exploited ...
CVE-2023-28679
Jenkins Mashup Portlets Plugin 1.1.2 and earlier provides the "Generic JS Portlet" feature that lets a user populate a portlet using a custom JavaScript expression, resulting in a stored cross-site scripting XSS vulnerability exploitable by authenticated attackers with Overall/Read permission...
PT-2023-21898 · Jenkins · Jenkins Mashup Portlets Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Mashup Portlets Plugin versions 1.1.2 and earlier Description: The issue is related to the "Generic JS Portlet" feature, which allows users to populate a portlet using a custom JavaScript expression. This results in a stored cross-sit...
GHSA-9P5V-6P5F-F28H Stored credentials unencrypted in Jenkins Mashup Portlets Plugin
Jenkins Mashup Portlets Plugin stored credentials unencrypted on the Jenkins master where they can be viewed by users with access to the master file system...
Cross-site Scripting in Jenkins Dashboard View Plugin
Jenkins Dashboard View Plugin prior to 2.16 and 2.12.1 does not escape URLs referenced in Image Dashboard Portlets, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with View/Configure permission. As part of this fix, the property for image URLs was changed fr...
CVE-2021-21649
Jenkins Dashboard View Plugin 2.15 and earlier does not escape URLs referenced in Image Dashboard Portlets, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with View/Configure permission...
PT-2021-14692 · Jenkins · Jenkins Dashboard View Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Dashboard View Plugin versions 2.15 and earlier Jenkins Dashboard View Plugin versions prior to 2.16 Jenkins Dashboard View Plugin version 2.12.1 and earlier Description: The issue is related to a stored cross-site scripting XSS...
plone-app-portlets (>=5.0.0a3 <=5.0.0a4) potentially affected by CVE-2020-28736 via plone-app-event (=3.2.1)
plone-app-event PYPI version =3.2.1 is affected by a known vulnerability. The following packages have a transitive dependency on plone-app-event and may be impacted: - plone-app-portlets =5.0.0a3, =5.0.0a4 Source cves: CVE-2020-28736 Source advisory: OSV:GHSA-2C8C-84W2-J38J...
plone-app-portlets (>=5.0.0a3 <=5.0.0a4) potentially affected by CVE-2020-28735 via plone-app-event (=3.2.1)
plone-app-event PYPI version =3.2.1 is affected by a known vulnerability. The following packages have a transitive dependency on plone-app-event and may be impacted: - plone-app-portlets =5.0.0a3, =5.0.0a4 Source cves: CVE-2020-28735 Source advisory: OSV:GHSA-X7WF-5MJC-6X76...
plone-app-portlets (>=5.0.0a3 <=5.0.0a4) potentially affected by CVE-2020-28734 via plone-app-event (=3.2.1)
plone-app-event PYPI version =3.2.1 is affected by a known vulnerability. The following packages have a transitive dependency on plone-app-event and may be impacted: - plone-app-portlets =5.0.0a3, =5.0.0a4 Source cves: CVE-2020-28734 Source advisory: OSV:GHSA-WQ6X-G685-W5F2...
CVE-2020-4081
In Digital Experience 8.5, 9.0, and 9.5, WSRP consumer is vulnerable to cross-site scripting XSS...
Unspecified Vulnerability in CloudBees Jenkins Mashup Portlets Plugin
CloudBees Jenkins Hudson Labs is a set of Java-based development of the United States CloudBees continuous integration tools. The product is mainly used to monitor the continuous software version of the release/testing project and some timed execution of the task . Mashup Portlets Plugin is used ...
CVE-2019-10347
The CVE-2019-10347 issue affects the Jenkins Mashup Portlets Plugin (e.g., CloudBees Jenkins Mashup Portlets) where credentials are stored in plaintext on the Jenkins master filesystem. Root cause per sources is unencrypted credential storage that allows users with master-file-system access to vi...
CVE-2019-10347
Jenkins Mashup Portlets Plugin stored credentials unencrypted on the Jenkins master where they can be viewed by users with access to the master file system...