3 matches found
CVE-2015-3160
CVE-2015-3160 relates to an XML external entity (XXE) vulnerability in Beaker’s Beaker project, specifically in the bkr/server/jobs.py module. Before version 20.1, remote authenticated users can submit job XML containing entity references that reference files on the Beaker server’s filesystem, po...
CVE-2015-3162
CVE-2015-3162 affects Beaker 20.1 in the Beaker project. Description: a Cross-site scripting (XSS) vulnerability in the edit comment dialog (bkr/server/widgets.py) enables remote authenticated users to inject arbitrary web script or HTML by writing a crafted comment on an acknowledged or nacked c...
CVE-2015-3161
The CVE affects Beaker prior to version 20.1. The search bar code in bkr/server/widgets.py fails to escape tags in string literals when producing JSON, enabling potential cross‑site/script injection via JSON output. The Beaker vulnerability is described consistently across sources (NVD/NVD-deriv...