CWE-79 CVEs and Security Vulnerabilities

Filtered by CWE-79

Search

Switch to Advanced Search (Beta)

Total 43804 CVE

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2020-2190	2 Jenkins, Redhat	2 Script Security, Openshift	2024-11-21	5.4 Medium
Jenkins Script Security Plugin 1.72 and earlier does not correctly escape pending or approved classpath entries on the In-process Script Approval page, resulting in a stored cross-site scripting vulnerability.
CVE-2020-2176	1 Jenkins	1 Usemango Runner	2024-11-21	5.4 Medium
Multiple form validation endpoints in Jenkins useMango Runner Plugin 1.4 and earlier do not escape values received from the useMango service, resulting in a cross-site scripting (XSS) vulnerability exploitable by users able to control the values returned from the useMango service.
CVE-2020-2175	1 Jenkins	1 Fitnesse	2024-11-21	5.4 Medium
Jenkins FitNesse Plugin 1.31 and earlier does not correctly escape report contents before showing them on the Jenkins UI, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by users able to control the XML input files processed by the plugin.
CVE-2020-2174	1 Jenkins	1 Awseb Deployment	2024-11-21	6.1 Medium
Jenkins AWSEB Deployment Plugin 0.3.19 and earlier does not escape various values printed as part of form validation output, resulting in a reflected cross-site scripting vulnerability.
CVE-2020-2173	1 Jenkins	1 Gatling	2024-11-21	5.4 Medium
Jenkins Gatling Plugin 1.2.7 and earlier prevents Content-Security-Policy headers from being set for Gatling reports served by the plugin, resulting in an XSS vulnerability exploitable by users able to change report content.
CVE-2020-2170	1 Jenkins	1 Rapiddeploy	2024-11-21	5.4 Medium
Jenkins RapidDeploy Plugin 4.2 and earlier does not escape package names in the table of packages obtained from a remote server, resulting in a stored XSS vulnerability.
CVE-2020-2169	1 Jenkins	1 Queue Cleanup	2024-11-21	6.1 Medium
A form validation endpoint in Jenkins Queue cleanup Plugin 1.3 and earlier does not properly escape a query parameter displayed in an error message, resulting in a reflected XSS vulnerability.
CVE-2020-2163	2 Jenkins, Redhat	2 Jenkins, Openshift	2024-11-21	5.4 Medium
Jenkins 2.227 and earlier, LTS 2.204.5 and earlier improperly processes HTML content of list view column headers, resulting in a stored XSS vulnerability exploitable by users able to control column headers.
CVE-2020-2162	2 Jenkins, Redhat	2 Jenkins, Openshift	2024-11-21	5.4 Medium
Jenkins 2.227 and earlier, LTS 2.204.5 and earlier does not set Content-Security-Policy headers for files uploaded as file parameters to a build, resulting in a stored XSS vulnerability.
CVE-2020-2161	2 Jenkins, Redhat	2 Jenkins, Openshift	2024-11-21	5.4 Medium
Jenkins 2.227 and earlier, LTS 2.204.5 and earlier does not properly escape node labels that are shown in the form validation for label expressions on job configuration pages, resulting in a stored XSS vulnerability exploitable by users able to define node labels.
CVE-2020-2152	1 Jenkins	1 Subversion Release Manager	2024-11-21	6.1 Medium
Jenkins Subversion Release Manager Plugin 1.2 and earlier does not escape the error message for the Repository URL field form validation, resulting in a reflected cross-site scripting vulnerability.
CVE-2020-2140	1 Jenkins	1 Audit Trail	2024-11-21	6.1 Medium
Jenkins Audit Trail Plugin 3.2 and earlier does not escape the error message for the URL Patterns field form validation, resulting in a reflected cross-site scripting vulnerability.
CVE-2020-2137	1 Jenkins	1 Timestamper	2024-11-21	4.8 Medium
Jenkins Timestamper Plugin 1.11.1 and earlier does not sanitize HTML formatting of its output, resulting in a stored XSS vulnerability exploitable by attackers with Overall/Administer permission.
CVE-2020-2136	2 Jenkins, Redhat	2 Git, Openshift	2024-11-21	5.4 Medium
Jenkins Git Plugin 4.2.0 and earlier does not escape the error message for the repository URL for Microsoft TFS field form validation, resulting in a stored cross-site scripting vulnerability.
CVE-2020-2122	1 Jenkins	1 Brakeman	2024-11-21	5.4 Medium
Jenkins Brakeman Plugin 0.12 and earlier did not escape values received from parsed JSON files when rendering them, resulting in a stored cross-site scripting vulnerability exploitable by users able to control the Brakeman post-build step input data.
CVE-2020-2113	1 Jenkins	1 Git Parameter	2024-11-21	5.4 Medium
Jenkins Git Parameter Plugin 0.9.11 and earlier does not escape the default value shown on the UI, resulting in a stored cross-site scripting vulnerability exploitable by users with Job/Configure permission.
CVE-2020-2112	1 Jenkins	1 Git Parameter	2024-11-21	5.4 Medium
Jenkins Git Parameter Plugin 0.9.11 and earlier does not escape the parameter name shown on the UI, resulting in a stored cross-site scripting vulnerability exploitable by users with Job/Configure permission.
CVE-2020-2111	2 Jenkins, Redhat	2 Subversion, Openshift	2024-11-21	5.4 Medium
Jenkins Subversion Plugin 2.13.0 and earlier does not escape the error message for the Project Repository Base URL field form validation, resulting in a stored cross-site scripting vulnerability.
CVE-2020-2106	1 Jenkins	1 Code Coverage Api	2024-11-21	5.4 Medium
Jenkins Code Coverage API Plugin 1.1.2 and earlier does not escape the filename of the coverage report used in its view, resulting in a stored XSS vulnerability exploitable by users able to change job configurations.
CVE-2020-2096	1 Jenkins	1 Gitlab Hook	2024-11-21	6.1 Medium
Jenkins Gitlab Hook Plugin 1.4.2 and earlier does not escape project names in the build_now endpoint, resulting in a reflected XSS vulnerability.

« first previous Page 1850 of 2191. next last »