Page 17 of 236 results (0.004 seconds)

CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0

Cross-site Scripting (XSS) in Jenkins main before 1.482 and LTS before 1.466.2 allows remote attackers to inject arbitrary web script or HTML in the Violations plugin. Una vulnerabilidad de tipo Cross-site Scripting (XSS) en Jenkins main versiones anteriores a 1.482 y LTS versiones anteriores a 1.466.2, permite a atacantes remotos inyectar script web o HTML arbitrario en el plugin Violations. • http://www.openwall.com/lists/oss-security/2012/09/21/2 https://security-tracker.debian.org/tracker/CVE-2012-4440 https://www.cloudbees.com/jenkins-security-advisory-2012-09-17 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0

Cross-site Scripting (XSS) in Jenkins main before 1.482 and LTS before 1.466.2 allows remote attackers to inject arbitrary web script or HTML via a crafted URL that points to Jenkins. Una vulnerabilidad de tipo Cross-site Scripting (XSS) en Jenkins main versiones anteriores a 1.482 y LTS versiones anteriores a 1.466.2, permite a atacantes remotos inyectar script web o HTML arbitrario por medio de una URL diseñada que apunta a Jenkins. • http://www.openwall.com/lists/oss-security/2012/09/21/2 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-4439 https://security-tracker.debian.org/tracker/CVE-2012-4439 https://www.cloudbees.com/jenkins-security-advisory-2012-09-17 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0

Jenkins main before 1.482 and LTS before 1.466.2 allows remote attackers with read access and HTTP access to Jenkins master to insert data and execute arbitrary code. Jenkins main versiones anteriores a 1.482 y LTS versiones anteriores a 1.466.2, permite a atacantes remotos con acceso de lectura y acceso HTTP al maestro Jenkins insertar datos y ejecutar código arbitrario. • http://www.openwall.com/lists/oss-security/2012/09/21/2 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-4438 https://security-tracker.debian.org/tracker/CVE-2012-4438 https://www.cloudbees.com/jenkins-security-advisory-2012-09-17 • CWE-20: Improper Input Validation •

CVSS: 5.4EPSS: 0%CPEs: 2EXPL: 0

Jenkins 2.196 and earlier, LTS 2.176.3 and earlier did not escape the reason why a queue items is blcoked in tooltips, resulting in a stored XSS vulnerability exploitable by users able to control parts of the reason a queue item is blocked, such as label expressions not matching any idle executors. Jenkins versiones 2.196 y anteriores, LTS versiones 2.176.3 y anteriores, no escaparon a la razón por la cual los elementos de la cola se borran en la información sobre herramientas (tooltips), resultando en una vulnerabilidad de tipo XSS almacenada explotable por parte de usuarios capaces de controlar partes de la razón por la que un elemento de la cola está bloqueado, tal y como expresiones de etiqueta que no coinciden con ningún ejecutor inactivo. • http://www.openwall.com/lists/oss-security/2019/09/25/3 https://jenkins.io/security/advisory/2019-09-25/#SECURITY-1537%20%282%29 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.4EPSS: 0%CPEs: 2EXPL: 0

In Jenkins 2.196 and earlier, LTS 2.176.3 and earlier, the f:expandableTextBox form control interpreted its content as HTML when expanded, resulting in a stored XSS vulnerability exploitable by users with permission to define its contents (typically Job/Configure). En Jenkins versiones 2.196 y anteriores, versiones LTS 2.176.3 y anteriores, el control del formulario f:expandableTextBox interpretaba su contenido como HTML cuando se expandía, resultando en una vulnerabilidad de tipo XSS almacenada explotable por aquellos usuarios con permiso para definir su contenido (típicamente Trabajo/Configuración). • http://www.openwall.com/lists/oss-security/2019/09/25/3 https://jenkins.io/security/advisory/2019-09-25/#SECURITY-1498 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •