Cross site request forgery (csrf)
Cross-site request forgery (CSRF) vulnerabilities in Jenkins batch task Plugin 1.19 and earlier allow attackers with Overall/Read access to retrieve logs, build or delete a batch task...
CVE-2022-23115
The CVE-2022-23115 entry concerns a CSRF vulnerability in the Jenkins batch task Plugin (versions 1.19 and earlier). An attacker with Overall/Read access can retrieve logs and also build or delete a batch task. This vulnerability is corroborated by multiple security advisories in the connected da...
CVE-2022-23115
Cross-site request forgery (CSRF) vulnerabilities in Jenkins batch task Plugin 1.19 and earlier allow attackers with Overall/Read access to retrieve logs, build or delete a batch task...
PT-2022-15858 · Jenkins · Jenkins Batch Task Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins batch task Plugin versions 1.19 and earlier
Description: The issue allows attackers with Overall/Read access to perform certain actions due to cross-site request forgery (CSRF) vulnerabilities. These actions include retrieving logs,...
Jenkins Plugin Cross-Site Request Forgery Vulnerability
Jenkins is an open source automation server that provides hundreds of plugins to support building, deploying and automating any project. Jenkins batch task Plugin 1.19 and earlier versions are vulnerable to cross-site request forgery. An attacker with...
CVE-2022-21861
Task Flow Data Engine Elevation of Privilege Vulnerability...
Privilege escalation
Task Flow Data Engine Elevation of Privilege Vulnerability...
CVE-2022-21861 Task Flow Data Engine Elevation of Privilege Vulnerability
...
CVE-2022-21861
Technical details about CVE-2022-21861 are not provided in the connected documents; publicly available content in the initial entry is limited to a high-level description and scores. Monitor for updates.
CVE-2021-37195
A vulnerability has been identified in COMOS V10.2 (All versions only if web components are used), COMOS V10.3 (All versions < V10.3.3.3 only if web components are used), COMOS V10.4 (All versions < V10.4.1 only if web components are used). The COMOS Web component of COMOS accepts arbitrary code as...
Task Flow Data Engine Elevation of Privilege Vulnerability
...
PT-2022-15171 · Unknown +1 · Task Flow Data Engine +1
Name of the Vulnerable Software and Affected Versions: Task Flow Data Engine (affected versions not specified)
Description: An elevation-of-privilege issue allows attackers to affect the system.
Recommendations: At the moment, there is no information about a newer version that contains a fix for th...
Microsoft Windows Permissions and Access Control Vulnerability
Microsoft Windows is a suite of operating systems for use on personal devices from Microsoft Corporation (USA). A permissions and access control vulnerability exists in the Microsoft Windows Task Flow Data Engine. The following products and editions are affected: Windows 10 Version...
A use-after-free vulnerability in Google Chrome’s browser task manager allows a hacker to execute arbitrary commands.
The vulnerability in Google Chrome’s browser task handler is a use-after-free (use of memory after it is freed). Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...
DayByDay CRM Cross-Site Scripting Vulnerability (CNVD-2022-68549)
DayByDay CRM is an open source CRM (Customer Relationship Management) software, based on Laravel, that helps users keep track of clients, tasks, meetings and more. A cross-site scripting vulnerability exists in DayByDay CRM. The vulnerability stems from the title field of a new task in the product...
CVE-2021-23727
A command injection vulnerability was found in the distributed task queue Celery, which can lead to remote code execution. An attacker with access to backend results can reconstruct the exception class to act as a command payload which can be queried to the task to execute...
Cross site scripting
Daybyday CRM version 2.2.0 is vulnerable to a stored cross-site scripting (XSS) vulnerability that allows low-privileged application users to store malicious scripts in the title field of new tasks. These scripts are executed in a victim’s browser when they open the “/tasks” page to view all the...
CVE-2022-22109 DayByDay CRM - Stored Cross-Site Scripting (XSS) in Task Title
Daybyday CRM version 2.2.0 is vulnerable to a stored cross-site scripting (XSS) vulnerability that allows low-privileged application users to store malicious scripts in the title field of new tasks. These scripts are executed in a victim’s browser when they open the “/tasks” page to view all the...