Lucene search
K

27433 matches found

OSV
OSV
added 2022/05/13 1:30 a.m.18 views

GHSA-7W89-QQXX-C62R Cross-site Scripting in Jenkins Build Failure Analyzer plugin

Cross-site scripting XSS vulnerability in the Build Failure Analyzer plugin before 1.16.0 in Jenkins allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter...

6.1CVSS6.1AI score0.01229EPSS
Exploits0References3
OSV
OSV
added 2022/05/13 1:30 a.m.2 views

GHSA-MR4J-7JJV-24M7 Jenkins Extra Columns Plugin allows Cross-Site Scripting (XSS)

Cross-site scripting XSS vulnerability in the Extra Columns plugin before 1.17 in Jenkins allows remote attackers to inject arbitrary web script or HTML by leveraging failure to filter tool tips through the configured markup formatter...

5.4CVSS5.4AI score0.01157EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2022/05/13 1:30 a.m.5 views

Jenkins allows Cross-Site Scripting (XSS)

Cross-site scripting XSS vulnerability in the slave overview page in Jenkins before 1.638 and LTS before 1.625.2 allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via the slave offline status message...

4.3CVSS5.2AI score0.01786EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2022/05/13 1:26 a.m.23 views

Kallithea cross-site scripting (XSS) vulnerability

Multiple cross-site scripting XSS vulnerabilities in the administration pages in Kallithea before 0.2.1 allow remote attackers to inject arbitrary web script or HTML via the 1 first name or 2 last name user details, or the 3 repository, 4 repository group, or 5 user group description...

5.4CVSS5.9AI score0.00944EPSS
Exploits1References8Affected Software1
OSV
OSV
added 2022/05/13 1:26 a.m.7 views

GHSA-FH5C-7GMG-XMP6 Kallithea cross-site scripting (XSS) vulnerability

Multiple cross-site scripting XSS vulnerabilities in the administration pages in Kallithea before 0.2.1 allow remote attackers to inject arbitrary web script or HTML via the 1 first name or 2 last name user details, or the 3 repository, 4 repository group, or 5 user group description...

5.4CVSS5.5AI score0.00944EPSS
Exploits1References8
Github Security Blog
Github Security Blog
added 2022/05/13 1:13 a.m.17 views

Symphony CMS XSS Vulnerabilities

Multiple cross-site scripting XSS vulnerabilities in content/content.systempreferences.php in Symphony CMS before 2.6.4 allow remote attackers to inject arbitrary web script or HTML via the 1 emailsendmailfromname, 2 emailsendmailfromaddress, 3 emailsmtpfromname, 4 emailsmtpfromaddress, 5...

6.1CVSS6.1AI score0.01767EPSS
Exploits1References6Affected Software1
Github Security Blog
Github Security Blog
added 2022/05/13 1:13 a.m.22 views

Silverstripe CMS XSS Vulnerability

Multiple cross-site scripting XSS vulnerabilities in SilverStripe CMS & Framework before 3.1.16 and 3.2.0 before 3.2.1 allow remote attackers to inject arbitrary web script or HTML via the 1 Locale or 2 FailedLoginCount parameter to admin/security/EditForm/field/Members/item/new/ItemEditForm...

6.1CVSS6AI score0.01535EPSS
Exploits0References8Affected Software1
OSV
OSV
added 2022/05/13 1:13 a.m.21 views

GHSA-4C5W-QQFG-GRF3 Symphony CMS XSS Vulnerabilities

Multiple cross-site scripting XSS vulnerabilities in content/content.systempreferences.php in Symphony CMS before 2.6.4 allow remote attackers to inject arbitrary web script or HTML via the 1 emailsendmailfromname, 2 emailsendmailfromaddress, 3 emailsmtpfromname, 4 emailsmtpfromaddress, 5...

6.1CVSS6.1AI score0.01767EPSS
Exploits1References6
OSV
OSV
added 2022/05/13 1:13 a.m.13 views

GHSA-GVC8-XJFP-6569 Silverstripe CMS XSS Vulnerability

Multiple cross-site scripting XSS vulnerabilities in SilverStripe CMS & Framework before 3.1.16 and 3.2.0 before 3.2.1 allow remote attackers to inject arbitrary web script or HTML via the 1 Locale or 2 FailedLoginCount parameter to admin/security/EditForm/field/Members/item/new/ItemEditForm...

6.1CVSS6.1AI score0.01535EPSS
Exploits0References8
Github Security Blog
Github Security Blog
added 2022/05/13 1:13 a.m.18 views

Moodle vulnerable to XSS via bundled spikephpcoverage library

Cross-site scripting XSS vulnerability in the Spike PHPCoverage aka spikephpcoverage library, as used in Moodle 2.0.x before 2.0.2 and other products, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

4.3CVSS6AI score0.03619EPSS
Exploits0References6Affected Software1
OSV
OSV
added 2022/05/13 1:13 a.m.25 views

GHSA-MX5G-3VXH-RGM8 Moodle vulnerable to XSS via bundled spikephpcoverage library

Cross-site scripting XSS vulnerability in the Spike PHPCoverage aka spikephpcoverage library, as used in Moodle 2.0.x before 2.0.2 and other products, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

4.3CVSS5.5AI score0.03619EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2022/05/13 1:13 a.m.10 views

Moodle vulnerable to Cross-Site Scripting

Cross-site scripting XSS vulnerability in mod/wiki/pagelib.php in Moodle 2.0.x before 2.0.5 and 2.1.x before 2.1.2 allows remote authenticated users to inject arbitrary web script or HTML via a wiki comment...

4.3CVSS5.6AI score0.01187EPSS
Exploits0References6Affected Software1
OSV
OSV
added 2022/05/13 1:13 a.m.3 views

GHSA-H6PX-PVFH-Q2JV Moodle vulnerable to Cross-Site Scripting

Cross-site scripting XSS vulnerability in mod/wiki/pagelib.php in Moodle 2.0.x before 2.0.5 and 2.1.x before 2.1.2 allows remote authenticated users to inject arbitrary web script or HTML via a wiki comment...

5.1CVSS5.1AI score0.01187EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2022/05/13 1:13 a.m.31 views

phpCAS client library and Moodle Cross-site Scripting vulnerability

Cross-site scripting XSS vulnerability in the phpCAS client library before 1.1.0, as used in Moodle 1.8.x before 1.8.12 and 1.9.x before 1.9.8, allows remote attackers to inject arbitrary web script or HTML via a crafted URL, which is not properly handled in an error message...

4.3CVSS6AI score0.01813EPSS
Exploits0References8Affected Software2
OSV
OSV
added 2022/05/13 1:13 a.m.19 views

GHSA-6656-6QWX-4C2M Moodle XSS In Tag Autocomplete functionality

Cross-site scripting XSS vulnerability in the tag autocomplete functionality in Moodle 1.9.x before 1.9.11 and 2.0.x before 2.0.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

4.3CVSS5.4AI score0.01832EPSS
Exploits0References7
OSV
OSV
added 2022/05/13 1:13 a.m.17 views

GHSA-45CH-HXGR-VX8J phpCAS client library and Moodle Cross-site Scripting vulnerability

Cross-site scripting XSS vulnerability in the phpCAS client library before 1.1.0, as used in Moodle 1.8.x before 1.8.12 and 1.9.x before 1.9.8, allows remote attackers to inject arbitrary web script or HTML via a crafted URL, which is not properly handled in an error message...

4.3CVSS5.2AI score0.01813EPSS
Exploits0References8
Github Security Blog
Github Security Blog
added 2022/05/13 1:13 a.m.11 views

Moodle vulnerable to Cross-site Scripting

Cross-site scripting XSS vulnerability in the fixnonstandardentities function in the KSES HTML text cleaning library weblib.php, as used in Moodle 1.8.x before 1.8.12 and 1.9.x before 1.9.8, allows remote attackers to inject arbitrary web script or HTML via crafted HTML entities...

4.3CVSS5.7AI score0.01669EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2022/05/13 1:12 a.m.32 views

Moodle Multiple cross-site scripting (XSS) vulnerabilities in the File Picker module

Multiple cross-site scripting XSS vulnerabilities in the File Picker module in Moodle 2.x through 2.1.10, 2.2.x before 2.2.8, 2.3.x before 2.3.5, and 2.4.x before 2.4.2 allow remote authenticated users to inject arbitrary web script or HTML via a crafted filename...

3.5CVSS5.6AI score0.01457EPSS
Exploits0References11Affected Software1
OSV
OSV
added 2022/05/13 1:12 a.m.18 views

GHSA-89F3-74M6-G27G Moodle Multiple cross-site scripting (XSS) vulnerabilities in the File Picker module

Multiple cross-site scripting XSS vulnerabilities in the File Picker module in Moodle 2.x through 2.1.10, 2.2.x before 2.2.8, 2.3.x before 2.3.5, and 2.4.x before 2.4.2 allow remote authenticated users to inject arbitrary web script or HTML via a crafted filename...

3.5CVSS7.6AI score0.01457EPSS
Exploits0References11
Github Security Blog
Github Security Blog
added 2022/05/13 1:12 a.m.19 views

YUI Cross-site Scripting (XSS) vulnerability

Cross-site scripting XSS vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary we...

4.3CVSS6AI score0.01187EPSS
Exploits0References5Affected Software2
Rows per page
Query Builder