3 results (0.007 seconds)

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0

Jenkins Twitter Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. Jenkins Twitter Plugin almacena las credenciales sin cifrar en su archivo de configuración global en el maestro Jenkins, donde pueden ser vistas por los usuarios con acceso al sistema de archivos maestro. • http://www.openwall.com/lists/oss-security/2019/04/30/5 http://www.securityfocus.com/bid/108159 https://jenkins.io/security/advisory/2019-04-30/#SECURITY-1143 • CWE-522: Insufficiently Protected Credentials •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0

A vulnerability was found in BestWebSoft Twitter Plugin up to 1.3.2 on WordPress. It has been declared as problematic. Affected by this vulnerability is the function twttr_settings_page of the file twitter.php. The manipulation of the argument twttr_url_twitter/bws_license_key/bws_license_plugin leads to cross site scripting. The attack can be launched remotely. • https://github.com/wp-plugins/twitter-plugin/commit/e04d59ab578316ffeb204cf32dc71c0d0e1ff77c https://vuldb.com/?ctiid.230155 https://vuldb.com/?id.230155 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0

A vulnerability was found in BestWebSoft Twitter Plugin up to 2.14 on WordPress. It has been classified as problematic. Affected is the function twttr_settings_page of the file twitter.php of the component Settings Page. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. • https://github.com/wp-plugins/twitter-plugin/commit/a6d4659cbb2cbf18ccb0fb43549d5113d74e0146 https://vuldb.com/?ctiid.230154 https://vuldb.com/?id.230154 • CWE-352: Cross-Site Request Forgery (CSRF) •