Security
Headlines
HeadlinesLatestCVEs

Tag

#csrf

CVE-2020-2316: Jenkins Security Advisory 2020-11-04

Jenkins Static Analysis Utilities Plugin 1.96 and earlier does not escape the annotation message in tooltips, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission.

CVE
#sql#xss#csrf#vulnerability#windows#java#kubernetes#perl#ldap#ssrf#vmware#aws#auth
CVE-2020-2303: Jenkins Security Advisory 2020-11-04

A cross-site request forgery (CSRF) vulnerability in Jenkins Active Directory Plugin 2.19 and earlier allows attackers to perform connection tests, connecting to attacker-specified or previously configured Active Directory servers using attacker-specified credentials.

CVE-2020-2317: Jenkins Security Advisory 2020-11-04

Jenkins FindBugs Plugin 5.0.0 and earlier does not escape the annotation message in tooltips, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to provide report files to Jenkins FindBugs Plugin's post build step.

CVE-2020-28033: WordPress 5.5.2 Security and Maintenance Release

WordPress before 5.5.2 mishandles embeds from disabled sites on a multisite network, as demonstrated by allowing a spam embed.

CVE-2020-12501: VDE-2020-040 | CERT@VDE

Improper Authorization vulnerability of Pepperl+Fuchs P+F Comtrol RocketLinx ES7510-XT, ES8509-XT, ES8510-XT, ES9528-XTv2, ES7506, ES7510, ES7528, ES8508, ES8508F, ES8510, ES8510-XTE, ES9528/ES9528-XT (all versions) use undocumented accounts.

CVE-2020-2296: Jenkins Security Advisory 2020-10-08

A cross-site request forgery (CSRF) vulnerability in Jenkins Shared Objects Plugin 0.44 and earlier allows attackers to configure shared objects.

CVE-2020-2292: Jenkins Security Advisory 2020-10-08

Jenkins Release Plugin 2.10.2 and earlier does not escape the release version in badge tooltip, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Release/Release permission.

CVE-2020-25270: PHP Project, PHP Projects Ideas, PHP Latest tutorials, PHP oops Concept

PHPGurukul hostel-management-system 2.1 allows XSS via Guardian Name, Guardian Relation, Guardian Contact no, Address, or City.