Lucene search
K

114 matches found

RedhatCVE
RedhatCVE
added 2025/05/22 9:31 p.m.9 views

CVE-2021-21649

Jenkins Dashboard View Plugin 2.15 and earlier does not escape URLs referenced in Image Dashboard Portlets, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with View/Configure permission...

5.4CVSS5.4AI score0.72678EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 7:11 p.m.7 views

CVE-2021-21680

Jenkins Nested View Plugin 1.20 and earlier does not configure its XML transformer to prevent XML external entity XXE attacks...

7.1CVSS6.7AI score0.01321EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 4:13 p.m.7 views

CVE-2020-2263

Jenkins Radiator View Plugin 1.29 and earlier does not escape the full name of the jobs in tooltips, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Job/Configure permission...

5.4CVSS5.4AI score0.00735EPSS
Exploits0
Patchstack
Patchstack
added 2025/01/24 11:47 a.m.4 views

WordPress WooCommerce Quick View plugin <= 1.1.1 - Sensitive Data Exposure vulnerability

Sensitive Data Exposure vulnerability discovered by Mika in WordPress Plugin WooCommerce Quick View versions = 1.1.1...

5.3CVSS7AI score0.00467EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2024/11/08 4:25 p.m.5 views

WordPress RSV 360 View plugin <= 1.0 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by SOPROBRO Patchstack Alliance in WordPress Plugin RSV 360 View versions = 1.0...

6.5CVSS6.1AI score0.00302EPSS
Exploits0Affected Software1
Github Security Blog
Github Security Blog
added 2024/08/21 6:26 p.m.15 views

CKAN has Cross-site Scripting vector in the Datatables view plugin

The Datatables view plugin did not properly escape record data coming from the DataStore, leading to a potential XSS vector. Impact Sites running CKAN = 2.7.0 with the datatablesview plugin activated. This is a plugin included in CKAN core, that not activated by default but it is widely used to...

6.8CVSS6AI score0.00377EPSS
Exploits0References5Affected Software1
CVE
CVE
added 2024/08/21 2:34 p.m.56 views

CVE-2024-41675

CKAN 2.7.0+ with the datatables_view plugin (a core CKAN component) is affected: the Datatables view failed to properly escape data from the DataStore, creating an XSS vector. The issue is fixed in CKAN 2.10.5 and 2.11.0. Affected sites should upgrade to one of these versions to remediate; the pl...

6.8CVSS6.4AI score0.00377EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2024/08/21 12:0 a.m.10 views

PT-2024-29500 · Ckan +2 · Datatables View Plugin +3

Name of the Vulnerable Software and Affected Versions: CKAN versions 2.7.0 through 2.10.4 CKAN version 2.11.0 is not affected, but versions prior to 2.11.0 are vulnerable if they are earlier than 2.10.5. Description: The Datatables view plugin in CKAN did not properly escape record data coming fr...

6.8CVSS6.3AI score0.00377EPSS
Exploits0References12
Prion
Prion
added 2024/03/06 5:15 p.m.34 views

Cross site scripting

Jenkins Build Monitor View Plugin 1.14-860.vd06ef2568b3f and earlier does not escape Build Monitor View names, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers able to configure Build Monitor Views...

5.4AI score0.80173EPSS
Exploits0References1
CVE
CVE
added 2024/03/06 5:1 p.m.83 views

CVE-2024-28156

CVE-2024-28156 affects Jenkins Build Monitor View Plugin (versions ≤ 1.14-860.vd06ef2568b_3f). The root cause is that Build Monitor View names are not escaped, which enables stored cross-site scripting (XSS) when an attacker can configure Build Monitor Views. Multiple sources corroborate: Red Hat...

5.4CVSS5.3AI score0.80173EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2023/08/16 3:15 p.m.2 views

CVE-2023-40351

A cross-site request forgery CSRF vulnerability in Jenkins Favorite View Plugin 5.v77a37f62782d and earlier allows attackers to add or remove views from another user's favorite views tab bar...

4.3CVSS5.7AI score0.00276EPSS
Exploits0References2
Cvelist
Cvelist
added 2023/08/16 2:32 p.m.36 views

CVE-2023-40351

A cross-site request forgery CSRF vulnerability in Jenkins Favorite View Plugin 5.v77a37f62782d and earlier allows attackers to add or remove views from another user's favorite views tab bar...

5.3AI score0.00276EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2023/08/16 2:32 p.m.15 views

CVE-2023-40351

A cross-site request forgery CSRF vulnerability in Jenkins Favorite View Plugin 5.v77a37f62782d and earlier allows attackers to add or remove views from another user's favorite views tab bar...

7AI score0.00276EPSS
Exploits0References2
CVE
CVE
added 2023/08/16 2:32 p.m.253 views

CVE-2023-40351

CVE-2023-40351 affects Jenkins Favorite View Plugin (version 5.v77a_37f62782d and earlier). The underlying issue is a cross-site request forgery (CSRF) vulnerability that enables an attacker to add or remove views from another user’s Favorite Views tab bar. Multiple connected sources (NVD/NESus a...

4.3CVSS4.5AI score0.00276EPSS
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2023/07/18 12:0 a.m.7 views

WordPress Easy Order View Plugin <= 1.0.0 is vulnerable to Cross Site Scripting (XSS)

Software Easy Order View Type Plugin Vulnerable versions = 1.0.0 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 06032b452cdb Credits Rafie Muhammad Patchstack Required...

6.5AI score0.00284EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2023/05/18 9:15 a.m.53 views

CVE-2023-30868

Unauth. Reflected Cross-Site Scripting XSS vulnerability in Jon Christopher CMS Tree Page View plugin = 1.6.7 versions...

7.1CVSS6.2AI score0.03995EPSS
Exploits3References2
RedHat Linux
RedHat Linux
added 2023/05/17 5:53 p.m.6 views

jenkins-plugin/pipeline-stage-view: CSRF protection for any URL can be bypassed in Pipeline: Stage View Plugin

A Cross-site request forgery CSRF vulnerability was found in a Jenkins plugin. This issue may allow an authenticated attacker to access Jenkins builds, bypassing CSRF protections...

6.5CVSS5.7AI score0.00443EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2023/05/09 3:28 p.m.12 views

CVE-2023-32066 Time Tracker has Stored XSS vulnerability in Week View plugin

Time Tracker is an open source time tracking system. The week view plugin in Time Tracker versions 1.22.11.5782 and prior was not escaping titles for notes in week view table. Because of that, it was possible for a logged in user to enter notes with elements of JavaScript. Such script could then ...

5.4CVSS5.2AI score0.00369EPSS
Exploits0References2
OSV
OSV
added 2023/05/09 3:28 p.m.23 views

CVE-2023-32066 Time Tracker has Stored XSS vulnerability in Week View plugin

Time Tracker is an open source time tracking system. The week view plugin in Time Tracker versions 1.22.11.5782 and prior was not escaping titles for notes in week view table. Because of that, it was possible for a logged in user to enter notes with elements of JavaScript. Such script could then ...

5.4CVSS5.2AI score0.00369EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2023/04/02 9:30 p.m.33 views

Jenkins Pipeline Aggregator View Plugin vulnerable to Cross-site Scripting

Jenkins Pipeline Aggregator View Plugin 1.13 and earlier does not escape a variable representing the current view's URL in inline JavaScript, resulting in a stored cross-site scripting XSS vulnerability exploitable by authenticated attackers with Overall/Read permission. Version 1.14 obtains the...

5.4CVSS5.2AI score0.00456EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder