6 matches found
EUVD-2022-4966
Malicious code in bioql PyPI...
EUVD-2022-3431
Malicious code in bioql PyPI...
GHSA-XPVP-H73C-M9RQ Jenkins vulnerable to stored cross-site scripting in the l:helpIcon component
Jenkins 2.367 through 2.369 (both inclusive) does not escape tooltips of the l:helpIcon UI component used for some help icons on the Jenkins web UI, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control tooltips for this component. As of publication,...
PT-2022-22339 · Jenkins · Jenkins Matrix Reloaded Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Matrix Reloaded Plugin versions 1.1.3 and earlier. Description: The issue is related to a stored cross-site scripting (XSS) vulnerability. This occurs because the agent name in tooltips is not properly escaped, allowing attackers with...
jenkins-2-plugins/matrix-project: Stored XSS vulnerability in single axis builds tooltips
A flaw was found in the Matrix Project Plugin version 1.16 and prior. Node names shown in tooltips are not escaped on the overview page of builds with a single axis, which could lead to a stored cross-site scripting (XSS) vulnerability. The user must have the Agent/Configure permission for this...
PT-2020-15450 · Cloudbees +1 · Jenkins
Name of the Vulnerable Software and Affected Versions: Jenkins versions 2.251 and earlier; Jenkins LTS versions 2.235.3 and earlier. Description: The issue results from the failure to escape the tooltip content of help icons, leading to a stored cross-site scripting (XSS) vulnerability. The tooltip...