114 matches found
CVE-2021-21649
Jenkins Dashboard View Plugin 2.15 and earlier does not escape URLs referenced in Image Dashboard Portlets, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with View/Configure permission...
CVE-2021-21680
Jenkins Nested View Plugin 1.20 and earlier does not configure its XML transformer to prevent XML external entity XXE attacks...
CVE-2020-2263
Jenkins Radiator View Plugin 1.29 and earlier does not escape the full name of the jobs in tooltips, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Job/Configure permission...
WordPress WooCommerce Quick View plugin <= 1.1.1 - Sensitive Data Exposure vulnerability
Sensitive Data Exposure vulnerability discovered by Mika in WordPress Plugin WooCommerce Quick View versions = 1.1.1...
WordPress RSV 360 View plugin <= 1.0 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by SOPROBRO Patchstack Alliance in WordPress Plugin RSV 360 View versions = 1.0...
CKAN has Cross-site Scripting vector in the Datatables view plugin
The Datatables view plugin did not properly escape record data coming from the DataStore, leading to a potential XSS vector. Impact Sites running CKAN = 2.7.0 with the datatablesview plugin activated. This is a plugin included in CKAN core, that not activated by default but it is widely used to...
CVE-2024-41675
CKAN 2.7.0+ with the datatables_view plugin (a core CKAN component) is affected: the Datatables view failed to properly escape data from the DataStore, creating an XSS vector. The issue is fixed in CKAN 2.10.5 and 2.11.0. Affected sites should upgrade to one of these versions to remediate; the pl...
PT-2024-29500 · Ckan +2 · Datatables View Plugin +3
Name of the Vulnerable Software and Affected Versions: CKAN versions 2.7.0 through 2.10.4 CKAN version 2.11.0 is not affected, but versions prior to 2.11.0 are vulnerable if they are earlier than 2.10.5. Description: The Datatables view plugin in CKAN did not properly escape record data coming fr...
Cross site scripting
Jenkins Build Monitor View Plugin 1.14-860.vd06ef2568b3f and earlier does not escape Build Monitor View names, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers able to configure Build Monitor Views...
CVE-2024-28156
CVE-2024-28156 affects Jenkins Build Monitor View Plugin (versions ≤ 1.14-860.vd06ef2568b_3f). The root cause is that Build Monitor View names are not escaped, which enables stored cross-site scripting (XSS) when an attacker can configure Build Monitor Views. Multiple sources corroborate: Red Hat...
CVE-2023-40351
A cross-site request forgery CSRF vulnerability in Jenkins Favorite View Plugin 5.v77a37f62782d and earlier allows attackers to add or remove views from another user's favorite views tab bar...
CVE-2023-40351
A cross-site request forgery CSRF vulnerability in Jenkins Favorite View Plugin 5.v77a37f62782d and earlier allows attackers to add or remove views from another user's favorite views tab bar...
CVE-2023-40351
A cross-site request forgery CSRF vulnerability in Jenkins Favorite View Plugin 5.v77a37f62782d and earlier allows attackers to add or remove views from another user's favorite views tab bar...
CVE-2023-40351
CVE-2023-40351 affects Jenkins Favorite View Plugin (version 5.v77a_37f62782d and earlier). The underlying issue is a cross-site request forgery (CSRF) vulnerability that enables an attacker to add or remove views from another user’s Favorite Views tab bar. Multiple connected sources (NVD/NESus a...
WordPress Easy Order View Plugin <= 1.0.0 is vulnerable to Cross Site Scripting (XSS)
Software Easy Order View Type Plugin Vulnerable versions = 1.0.0 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 06032b452cdb Credits Rafie Muhammad Patchstack Required...
CVE-2023-30868
Unauth. Reflected Cross-Site Scripting XSS vulnerability in Jon Christopher CMS Tree Page View plugin = 1.6.7 versions...
jenkins-plugin/pipeline-stage-view: CSRF protection for any URL can be bypassed in Pipeline: Stage View Plugin
A Cross-site request forgery CSRF vulnerability was found in a Jenkins plugin. This issue may allow an authenticated attacker to access Jenkins builds, bypassing CSRF protections...
CVE-2023-32066 Time Tracker has Stored XSS vulnerability in Week View plugin
Time Tracker is an open source time tracking system. The week view plugin in Time Tracker versions 1.22.11.5782 and prior was not escaping titles for notes in week view table. Because of that, it was possible for a logged in user to enter notes with elements of JavaScript. Such script could then ...
CVE-2023-32066 Time Tracker has Stored XSS vulnerability in Week View plugin
Time Tracker is an open source time tracking system. The week view plugin in Time Tracker versions 1.22.11.5782 and prior was not escaping titles for notes in week view table. Because of that, it was possible for a logged in user to enter notes with elements of JavaScript. Such script could then ...
Jenkins Pipeline Aggregator View Plugin vulnerable to Cross-site Scripting
Jenkins Pipeline Aggregator View Plugin 1.13 and earlier does not escape a variable representing the current view's URL in inline JavaScript, resulting in a stored cross-site scripting XSS vulnerability exploitable by authenticated attackers with Overall/Read permission. Version 1.14 obtains the...