22 matches found
EUVD-2022-30466
Malicious code in bioql PyPI...
EUVD-2022-2134
Malicious code in bioql PyPI...
CVE-2022-25826
Information Exposure vulnerability in Galaxy S3 Plugin prior to version 2.2.03.22012751 allows attacker to access password information of connected WiFiAp in the log...
CVE-2018-1000177
A cross-site scripting vulnerability exists in Jenkins S3 Plugin 0.10.12 and older in src/main/resources/hudson/plugins/s3/S3ArtifactsProjectAction/jobMain.jelly that allows attackers able to control file names of uploaded files to define file names containing JavaScript that would be executed in...
Apache Traffic Server Information Disclosure Vulnerability (CNVD-2023-93322)
Apache Traffic Server ATS is the United States Apache Apache Foundation's set of scalable HTTP proxy and caching server. Apache Traffic Server suffers from an information disclosure vulnerability that stems from the application exposing sensitive information and is vulnerable to HTTP/2 and s3...
WordPress plugin Amazon S3 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blogs on PHP and MySQL servers. A cross-site scripting vulnerability exists in WordPress...
PT-2023-16261 · WordPress · Wordpress Amazon S3 Plugin
Name of the Vulnerable Software and Affected Versions: WordPress Amazon S3 Plugin versions prior to 1.6 Description: The issue is related to a Reflected Cross-Site Scripting problem. It occurs because a parameter is not properly sanitised and escaped before being outputted back in the page. This...
SUSE CVE-2018-1000177
A cross-site scripting vulnerability exists in Jenkins S3 Plugin 0.10.12 and older in src/main/resources/hudson/plugins/s3/S3ArtifactsProjectAction/jobMain.jelly that allows attackers able to control file names of uploaded files to define file names containing JavaScript that would be executed in...
AWS secrets displayed without masking by Jenkins S3 Explorer Plugin
S3 Explorer Plugin stores AWSSECRETACCESSKEY in its global configuration file s3explorer.xml on the Jenkins controller as part of its configuration. While this secret is stored encrypted on disk, in S3 Explorer Plugin 1.0.8 and earlier the global configuration form does not mask the...
Stored XSS vulnerability in Jenkins S3 Publisher Plugin
A cross-site scripting vulnerability exists in Jenkins S3 Plugin 0.10.12 and older in src/main/resources/hudson/plugins/s3/S3ArtifactsProjectAction/jobMain.jelly that allows attackers able to control file names of uploaded files to define file names containing JavaScript that would be executed in...
GHSA-3892-QQV6-H2QM Stored XSS vulnerability in Jenkins S3 Publisher Plugin
A cross-site scripting vulnerability exists in Jenkins S3 Plugin 0.10.12 and older in src/main/resources/hudson/plugins/s3/S3ArtifactsProjectAction/jobMain.jelly that allows attackers able to control file names of uploaded files to define file names containing JavaScript that would be executed in...
CVE-2022-25826
Information Exposure vulnerability in Galaxy S3 Plugin prior to version 2.2.03.22012751 allows attacker to access password information of connected WiFiAp in the log...
CVE-2022-25826
Information Exposure vulnerability in Galaxy S3 Plugin prior to version 2.2.03.22012751 allows attacker to access password information of connected WiFiAp in the log...
Samsung Galaxy S3 Plugin 日志信息泄露漏洞
The SAMSUNG Galaxy S3 Plugin is a component of the Samsung Gear application from Samsung South Korea. A log information disclosure vulnerability exists in versions prior to Samsung Galaxy S3 Plugin 2.2.03.22012751, which allows an attacker to access password information for WiFiAp in the log...
CVE-2022-25826
Information Exposure vulnerability in Galaxy S3 Plugin prior to version 2.2.03.22012751 allows attacker to access password information of connected WiFiAp in the log...
CVE-2022-25826
CVE-2022-25826 corresponds to an information exposure in the Galaxy S3 Plugin prior to version 2.2.03.22012751. Multiple connected sources confirm that the issue allows access to password information for the connected WiFi AP via logs, with the Galaxy S3 Plugin versions before the cited build bei...
CVE-2021-21651
Jenkins S3 publisher Plugin 0.11.6 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to obtain the list of configured profiles...
CVE-2018-1000177
A cross-site scripting vulnerability exists in Jenkins S3 Plugin 0.10.12 and older in src/main/resources/hudson/plugins/s3/S3ArtifactsProjectAction/jobMain.jelly that allows attackers able to control file names of uploaded files to define file names containing JavaScript that would be executed in...
CVE-2018-1000177
A cross-site scripting vulnerability exists in Jenkins S3 Plugin 0.10.12 and older in src/main/resources/hudson/plugins/s3/S3ArtifactsProjectAction/jobMain.jelly that allows attackers able to control file names of uploaded files to define file names containing JavaScript that would be executed in...
Cross site scripting
A cross-site scripting vulnerability exists in Jenkins S3 Plugin 0.10.12 and older in src/main/resources/hudson/plugins/s3/S3ArtifactsProjectAction/jobMain.jelly that allows attackers able to control file names of uploaded files to define file names containing JavaScript that would be executed in...