PT-2024-39212 · WordPress · Lucas String Replace
Name of the Vulnerable Software and Affected Versions: Lucas String Replace plugin for WordPress versions up to, and including, 2.0.5
Description: The issue arises from the use of add_query_arg without proper escaping on the URL, allowing unauthenticated attackers to inject arbitrary web scripts...
jenkins: Reflected XSS vulnerability in markup formatter preview
A flaw was found in Jenkins. A cross-site scripting (XSS) vulnerability is possible due to the lack of restrictions in URL rendering in the formatted previews of markup passed as a query parameter if the configured markup formatter does not prohibit unsafe elements in the markup. The highest threat...