3 matches found
GHSA-4333-387X-W245 CI4MS: Blogs Tags Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM XSS
Summary Vulnerability: Stored DOM XSS via Blog Tag Name Persistent Payload Injection - Stored Cross-Site Scripting via Unsanitized Blog Tag Name in Blog Management Description The application fails to properly sanitize user-controlled input when creating or editing blog tags. An attacker can inje...
EUVD-2022-27264
Malicious code in bioql PyPI...
GHSA-JPXJ-VGQ5-PRJC OS command execution vulnerability in Jenkins Docker Commons Plugin
Jenkins Docker Commons Plugin 1.17 and earlier does not sanitize the name of an image or a tag, resulting in an OS command execution vulnerability exploitable by attackers with Item/Configure permission or able to control the contents of a previously configured job's SCM repository...