CVE-2017-16760
https://notcve.org/view.php?id=CVE-2017-16760
Inedo BuildMaster before 5.8.2 has XSS. Las versiones anteriores a la 5.8.2 de Inedo BuildMaster tienen Cross-Site Scripting (XSS). • https://inedo.com/blog/buildmaster-582-released https://inedo.myjetbrains.com/youtrack/issue/BM-3100 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2017-16521
https://notcve.org/view.php?id=CVE-2017-16521
In Inedo BuildMaster before 5.8.2, XslTransform was used where XslCompiledTransform should have been used. En versiones anteriores a la 5.8.2 de Inedo BuildMaster, se utilizó XslTransform donde se debería haber empleado XslCompiledTransform. • https://gitlab.com/inedo/buildmaster/commit/4f4c737fefe44c3227535946f535fb7ef468d721 https://inedo.com/blog/buildmaster-582-released https://inedo.com/buildmaster/versions#v5.8 https://inedo.myjetbrains.com/youtrack/issue/BM-3108 https://inedo.myjetbrains.com/youtrack/issue/EDO-3334 •
CVE-2017-14944
https://notcve.org/view.php?id=CVE-2017-14944
Inedo ProGet before 4.7.14 does not properly address dangerous package IDs during package addition, aka PG-1060. Las versiones anteriores a la 4.7.14 de Inedo ProGet no gestiona correctamente los ID de paquetes peligrosos a la hora de añadir paquetes. Esto también se conoce como PG-1060. • http://inedo.com/blog/proget-4714-released • CWE-20: Improper Input Validation •