Lucene search
K

113 matches found

OSV
OSV
added 2022/11/15 8:15 p.m.4 views

CVE-2022-45398

A cross-site request forgery CSRF vulnerability in Jenkins Cluster Statistics Plugin 0.4.6 and earlier allows attackers to delete recorded Jenkins Cluster Statistics...

4.3CVSS5.7AI score0.00361EPSS
Exploits0References2
NVD
NVD
added 2022/11/15 8:15 p.m.35 views

CVE-2022-45399

A missing permission check in Jenkins Cluster Statistics Plugin 0.4.6 and earlier allows attackers to delete recorded Jenkins Cluster Statistics...

4.3CVSS0.00531EPSS
Exploits0References2
Prion
Prion
added 2022/11/15 8:15 p.m.18 views

Cross site request forgery (csrf)

A cross-site request forgery CSRF vulnerability in Jenkins Cluster Statistics Plugin 0.4.6 and earlier allows attackers to delete recorded Jenkins Cluster Statistics...

4.3CVSS4.6AI score0.00361EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2022/11/15 12:0 a.m.281 views

CVE-2022-45398

Summary (CVE-2022-45398): A cross-site request forgery (CSRF) vulnerability in Jenkins Cluster Statistics Plugin

4.3CVSS4.9AI score0.00361EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2022/11/15 12:0 a.m.5 views

PT-2022-27500 · Jenkins · Jenkins Cluster Statistics Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Cluster Statistics Plugin versions 0.4.6 and earlier Description: A cross-site request forgery CSRF issue allows attackers to delete recorded Jenkins Cluster Statistics. This can be exploited by attackers to manipulate the system...

4.3CVSS4.5AI score0.00361EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2022/11/15 12:0 a.m.4 views

PT-2022-27501 · Jenkins · Jenkins Cluster Statistics Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Cluster Statistics Plugin versions 0.4.6 and earlier Description: A missing permission check in the Jenkins Cluster Statistics Plugin allows attackers to delete recorded Jenkins Cluster Statistics. This issue is related to an HTTP...

4.3CVSS4.3AI score0.00531EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2022/11/15 12:0 a.m.6 views

CVE-2022-45399

A missing permission check in Jenkins Cluster Statistics Plugin 0.4.6 and earlier allows attackers to delete recorded Jenkins Cluster Statistics...

6.6AI score0.00531EPSS
Exploits0References2
CVE
CVE
added 2022/11/15 12:0 a.m.288 views

CVE-2022-45399

CVE-2022-45399 : Jenkins Cluster Statistics Plugin up to version 0.4.6 contains a missing permission check on its HTTP endpoint, enabling attackers (with Overall/Read) to delete recorded Cluster Statistics. The description does not specify a patch version or mitigation, and no exploitation detail...

4.3CVSS4.8AI score0.00531EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2022/11/15 12:0 a.m.32 views

CVE-2022-45398

A cross-site request forgery CSRF vulnerability in Jenkins Cluster Statistics Plugin 0.4.6 and earlier allows attackers to delete recorded Jenkins Cluster Statistics...

5.3AI score0.00361EPSS
Exploits0References2
OSV
OSV
added 2022/06/13 5:15 a.m.3 views

CVE-2022-27231

Cross-site scripting vulnerability exists in WP Statistics versions prior to 13.2.0 because it improperly processes a platform parameter. By exploiting this vulnerability, an arbitrary script may be executed on the web browser of the user who is logging in to the website using the product...

6.1CVSS6.4AI score0.00969EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2022/06/08 10:15 a.m.8 views

CVE-2022-1005

The WP Statistics WordPress plugin before 13.2.2 does not sanitise the REQUESTURI parameter before outputting it back in the rendered page, leading to Cross-Site Scripting XSS in web browsers which do not encode characters...

6.1CVSS6.3AI score0.00857EPSS
Exploits2References2
OSV
OSV
added 2022/05/24 5:45 p.m.3 views

GHSA-XV69-6RF3-W5G2 Missing permission check in Jenkins Cloud Statistics Plugin

Jenkins Cloud Statistics Plugin 0.26 and earlier does not perform a permission check in an HTTP endpoint. This allows attackers with Overall/Read permission and knowledge of random activity IDs to view related provisioning exception error messages. Jenkins Cloud Statistics Plugin 0.27 requires...

4.3CVSS5.9AI score0.00801EPSS
Exploits0References5
Patchstack
Patchstack
added 2022/05/10 12:0 a.m.59 views

WordPress WP Statistics plugin <= 13.2.1 - Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Cross-Site Scripting XSS vulnerability discovered by Taurus Omar in WordPress WP Statistics plugin versions = 13.2.1. Solution Update the WordPress WP Statistics plugin to the latest available version at least 13.2.2...

6.1CVSS1.9AI score0.00857EPSS
Exploits2References3Affected Software1
Check Point Advisories
Check Point Advisories
added 2022/03/13 12:0 a.m.11 views

WordPress WP Statistics Plugin SQL Injection (CVE-2022-25148)

An SQL injection vulnerability exists in WordPress WP Statistics Plugin. Successful exploitation of this vulnerability could result in the execution of arbitrary SQL statements on the affected system...

5CVSS3.2AI score0.81363EPSS
Exploits4
NVD
NVD
added 2022/03/07 9:15 a.m.22 views

CVE-2022-0410

The WP Visitor Statistics Real Time Traffic WordPress plugin before 5.6 does not sanitise and escape the id parameter before using it in a SQL statement via the refUrlDetails AJAX action, available to any authenticated user, leading to a SQL injection...

8.8CVSS0.01297EPSS
Exploits2References1
ATTACKERKB
ATTACKERKB
added 2022/02/24 7:15 p.m.7 views

CVE-2022-25148

The WP Statistics WordPress plugin is vulnerable to SQL Injection due to insufficient escaping and parameterization of the currentpageid parameter found in the /includes/class-wp-statistics-hits.php file which allows attackers without authentication to inject arbitrary SQL queries to obtain...

9.8CVSS7.3AI score0.81363EPSS
Exploits4References6Affected Software1
NVD
NVD
added 2022/02/24 7:15 p.m.24 views

CVE-2022-25306

The WP Statistics WordPress plugin is vulnerable to Cross-Site Scripting due to insufficient escaping and sanitization of the browser parameter found in the /includes/class-wp-statistics-visitor.php file which allows attackers to inject arbitrary web scripts onto several pages that execute when...

7.2CVSS0.01357EPSS
Exploits1References3
CNNVD
CNNVD
added 2022/02/24 12:0 a.m.10 views

WordPress plugin WP Statistics SQL注入漏洞

WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language. WordPress plugin is a WordPress open source application plugin. WordPress WP Statistics plugin 13.1.5 and earlier versions are vulnerable to SQL injection, which can be exploited by attackers to...

9.8CVSS6.1AI score0.81363EPSS
Exploits4References6
CNNVD
CNNVD
added 2022/02/24 12:0 a.m.3 views

WordPress plugin WP Statistics 跨站脚本漏洞

WordPress is a set of blogging platforms developed by the Wordpress Foundation using the PHP language. The platform supports personal blogging sites on PHP and MySQL servers. WordPress WP Statistics plugin 13.1.5 and earlier versions have a cross-site scripting vulnerability that can be exploited...

7.2CVSS5.5AI score0.01357EPSS
Exploits1References4
CNNVD
CNNVD
added 2022/02/24 12:0 a.m.5 views

WordPress plugin WP Statistics SQL注入漏洞

WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language. The platform supports setting up personal blog sites on PHP and MySQL servers. WordPress plugin is a WordPress open source application plugin. WordPress plugin WP Statistics is vulnerable to SQL...

9.8CVSS6AI score0.3298EPSS
Exploits1References4
Rows per page
Query Builder