
Tag: #xss

Showdoc 2.10.3 Cross Site Scripting

Showdoc versions 2.10.3 and below suffer from a persistent cross site scripting vulnerability.

Packet Storm
OpenCart So Listing Tabs 2.2.0 Unsafe Deserialization

OpenCart So Listing Tabs component versions 2.2.0 and below suffer from a deserialization vulnerability that can allow for arbitrary file writes.

T-Soft E-Commerce 4 Cross Site Scripting

T-Soft E-Commerce version 4 suffers from a persistent cross site scripting vulnerability.

Survey Sparrow Enterprise Survey Software 2022 Cross Site Scripting

Survey Sparrow Enterprise Survey Software 2022 suffers from a persistent cross site scripting vulnerability.

CVE-2022-30073: GitHub - APTX-4879/CVE

WBCE CMS 1.5.2 is vulnerable to Cross Site Scripting (XSS) via /admin/users/save.php.

CVE-2022-30946: security - Multiple vulnerabilities in Jenkins plugins

A cross-site request forgery (CSRF) vulnerability in Jenkins Script Security Plugin 1158.v7c1b_73a_69a_08 and earlier allows attackers to have Jenkins send an HTTP request to an attacker-specified webserver.

CVE-2022-30963: Jenkins Security Advisory 2022-05-17

Jenkins JDK Parameter Plugin 1.0 and earlier does not escape the name and description of JDK parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.

CVE-2022-30969: Jenkins Security Advisory 2022-05-17

A cross-site request forgery (CSRF) vulnerability in Jenkins Autocomplete Parameter Plugin 1.1 and earlier allows attackers to execute arbitrary code without sandbox protection if the victim is an administrator.

CVE-2022-30971: Jenkins Security Advisory 2022-05-17

Jenkins Storable Configs Plugin 1.0 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.

CVE-2022-30955: Jenkins Security Advisory 2022-05-17

Jenkins GitLab Plugin 1.5.31 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.