#xss

Showdoc versions 2.10.3 and below suffer from a persistent cross site scripting vulnerability.

OpenCart So Listing Tabs component versions 2.2.0 and below suffer from a deserialization vulnerability that can allow for arbitrary file writes.

T-Soft E-Commerce version 4 suffers from a persistent cross site scripting vulnerability.

Survey Sparrow Enterprise Survey Software 2022 suffers from a persistent cross site scripting vulnerability.

WBCE CMS 1.5.2 is vulnerable to Cross Site Scripting (XSS) via /admin/users/save.php.

A cross-site request forgery (CSRF) vulnerability in Jenkins Script Security Plugin 1158.v7c1b_73a_69a_08 and earlier allows attackers to have Jenkins send an HTTP request to an attacker-specified webserver.

Jenkins JDK Parameter Plugin 1.0 and earlier does not escape the name and description of JDK parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.

A cross-site request forgery (CSRF) vulnerability in Jenkins Autocomplete Parameter Plugin 1.1 and earlier allows attackers to execute arbitrary code without sandbox protection if the victim is an administrator.

Jenkins Storable Configs Plugin 1.0 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.

Jenkins GitLab Plugin 1.5.31 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.