
Jenkins Email Extension Plugin 2.93 and earlier does not escape various fields included in bundled email templates, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control affected fields.

Jenkins Email Extension Plugin 2.93 and earlier does not escape, sanitize, or sandbox rendered email template output or log output generated during template rendering, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to create or change custom email templates.

Versions prior to 1.36.33 are vulnerable to Cross-site Scripting. Log entries can be injected into the database logs, containing a malicious referrer field. This is unescaped when viewing the logs in the web UI. This issue is patched in version 1.36.33.

ZoneMinder is a free, open source closed-circuit television software application for Linux which supports IP, USB and analog cameras.

This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality, potentially leading to credentials disclosure within a trusted session.

IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting.
