33 matches found
XML External Entity (XXE) Injection
Jenkins TestComplete support Plugin is vulnerable to XML External Entity XXE Injection. The vulnerability is due to the XML parser not being securely configured to disable external entity processing, allowing attackers to supply crafted XML that can access local files or trigger external network...
EUVD-2023-1477
Malicious code in bioql PyPI...
EUVD-2023-0467
Malicious code in bioql PyPI...
CVE-2023-24443
Jenkins TestComplete support Plugin 2.8.1 and earlier does not configure its XML parser to prevent XML external entity XXE attacks...
CVE-2023-33002
Jenkins TestComplete support Plugin 2.8.1 and earlier does not escape the TestComplete project name, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission...
Cross-site Scripting (XSS)
Jenkins TestComplete Support Plugin is vulnerable to Cross-site Scripting XSS. The vulnerability exists due to lack of escaping of the TestComplete project name in its test result page which allows an attacker to inject and execute arbitrary javascript...
GHSA-5WPG-QCMJ-48WH TestComplete support Plugin vulnerable to stored Cross-site Scripting
TestComplete support Plugin 2.8.1 and earlier does not escape the TestComplete project name in its test result page. This results in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission. As of publication of this advisory, there is no fix...
TestComplete support Plugin vulnerable to stored Cross-site Scripting
TestComplete support Plugin 2.8.1 and earlier does not escape the TestComplete project name in its test result page. This results in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission. As of publication of this advisory, there is no fix...
CVE-2023-33002
Jenkins TestComplete support Plugin 2.8.1 and earlier does not escape the TestComplete project name, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission...
CVE-2023-33002
Jenkins TestComplete support Plugin 2.8.1 and earlier does not escape the TestComplete project name, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission...
Cross site scripting
Jenkins TestComplete support Plugin 2.8.1 and earlier does not escape the TestComplete project name, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission...
CVE-2023-33002
Jenkins TestComplete support Plugin 2.8.1 and earlier does not escape the TestComplete project name, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission...
CVE-2023-33002
CVE-2023-33002 affects Jenkins TestComplete support Plugin (versions 2.8.1 and earlier). The root cause is that the plugin does not escape the TestComplete project name in its test result page, enabling stored XSS. Impact is limited to attackers with Item/Configure permission who can exploit the ...
CVE-2023-33002
Jenkins TestComplete support Plugin 2.8.1 and earlier does not escape the TestComplete project name, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission...
Jenkins TestComplete support Plugin 跨站脚本漏洞
Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. A security vulnerability...
GHSA-G5MJ-C26G-VMPM XML Entity Expansion in Jenkins TestComplete support Plugin
Jenkins TestComplete support Plugin 2.8.1 and earlier does not configure its XML parser to prevent XML external entity XXE attacks...
XML Entity Expansion in Jenkins TestComplete support Plugin
Jenkins TestComplete support Plugin 2.8.1 and earlier does not configure its XML parser to prevent XML external entity XXE attacks...
CVE-2023-24443
Jenkins TestComplete support Plugin 2.8.1 and earlier does not configure its XML parser to prevent XML external entity XXE attacks...
CVE-2023-24443
Jenkins TestComplete support Plugin 2.8.1 and earlier does not configure its XML parser to prevent XML external entity XXE attacks...
Xxe
Jenkins TestComplete support Plugin 2.8.1 and earlier does not configure its XML parser to prevent XML external entity XXE attacks...