14 matches found
CVE-2025-8268
The AI Engine plugin for WordPress is vulnerable to unauthorized access and loss of data due to a missing capability check on the restlist and deletefiles functions in all versions up to, and including, 2.9.5. This makes it possible for unauthenticated attackers to list and delete files uploaded ...
CVE-2025-8268
The CVE-2025-8268 entry concerns the WordPress AI Engine plugin (versions up to 2.9.5) with a missing capability check in the rest_list and delete_files paths, enabling unauthenticated attackers to list and delete files uploaded by other users. Impact per sources: unauthorized access and data los...
CVE-2022-34196
Jenkins REST List Parameter Plugin 1.5.2 and earlier does not escape the name and description of REST list parameters on views displaying parameters, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission...
Jenkins REST List Parameter Plugin Cross-Site Scripting Vulnerability
Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying and automating any project.Jenkins Plugin is an application software. A cross-site scripting...
CVE-2022-34196
Jenkins REST List Parameter Plugin 1.5.2 and earlier does not escape the name and description of REST list parameters on views displaying parameters, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission...
CVE-2022-34196
Jenkins REST List Parameter Plugin 1.5.2 and earlier does not escape the name and description of REST list parameters on views displaying parameters, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission...
CVE-2022-34196
CVE-2022-34196 affects Jenkins with the REST List Parameter Plugin prior to 1.6.0. The plugin does not escape the name and description of REST list parameters on parameter-displaying views, causing a stored XSS vulnerability exploitable by attackers who have Item/Configure permission. Connected a...
CVE-2022-34196
Jenkins REST List Parameter Plugin 1.5.2 and earlier does not escape the name and description of REST list parameters on views displaying parameters, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission...
Jenkins Plugin REST List Parameter 跨站脚本漏洞
Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying and automating any project.Jenkins Plugin is an application software. A cross-site scripting...
PT-2022-22065 · Jenkins · Jenkins +1
Name of the Vulnerable Software and Affected Versions: Jenkins REST List Parameter Plugin versions 1.5.2 and earlier Description: The issue is a stored cross-site scripting XSS vulnerability that occurs because the plugin does not escape the name and description of REST list parameters on views...
Stored XSS vulnerability in Jenkins REST List Parameter Plugin
Jenkins REST List Parameter Plugin 1.3.0 and earlier does not escape a parameter name reference in embedded JavaScript. This results in a stored cross-site scripting XSS vulnerability exploitable by attackers with Job/Configure permission. Jenkins REST List Parameter Plugin 1.3.1 no longer...
CVE-2021-21635
Jenkins REST List Parameter Plugin 1.3.0 and earlier does not escape a parameter name reference in embedded JavaScript, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Job/Configure permission...
Cross site scripting
Jenkins REST List Parameter Plugin 1.3.0 and earlier does not escape a parameter name reference in embedded JavaScript, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Job/Configure permission...
CVE-2021-21635
CVE-2021-21635 affects Jenkins REST List Parameter Plugin up to version 1.3.0. The issue is a stored XSS vulnerability caused by not escaping a parameter name reference in embedded JavaScript, exploitable by an attacker with Job/Configure permission. The linked OSV/GHSA entries confirm the vulner...