| Max CVSS | 7.5 | Min CVSS | 2.6 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2019-13990 | 7.5 |
initDocumentParser in xml/XMLSchedulingDataProcessor.java in Terracotta Quartz Scheduler through 2.3.0 allows XXE attacks via a job description.
|
22-12-2023 - 16:35 | 26-07-2019 - 19:15 | |
| CVE-2019-10405 | 3.5 |
Jenkins 2.196 and earlier, LTS 2.176.3 and earlier printed the value of the "Cookie" HTTP request header on the /whoAmI/ URL, allowing attackers exploiting another XSS vulnerability to obtain the HTTP session cookie despite it being marked HttpOnly.
|
02-11-2023 - 21:30 | 25-09-2019 - 16:15 | |
| CVE-2019-10406 | 3.5 |
Jenkins 2.196 and earlier, LTS 2.176.3 and earlier did not restrict or filter values set as Jenkins URL in the global configuration, resulting in a stored XSS vulnerability exploitable by attackers with Overall/Administer permission.
|
02-11-2023 - 21:30 | 25-09-2019 - 16:15 | |
| CVE-2019-10404 | 3.5 |
Jenkins 2.196 and earlier, LTS 2.176.3 and earlier did not escape the reason why a queue items is blcoked in tooltips, resulting in a stored XSS vulnerability exploitable by users able to control parts of the reason a queue item is blocked, such as l
|
02-11-2023 - 21:30 | 25-09-2019 - 16:15 | |
| CVE-2019-10402 | 3.5 |
In Jenkins 2.196 and earlier, LTS 2.176.3 and earlier, the f:combobox form control interpreted its item labels as HTML, resulting in a stored XSS vulnerability exploitable by users with permission to define its contents.
|
02-11-2023 - 21:06 | 25-09-2019 - 16:15 | |
| CVE-2019-10403 | 3.5 |
Jenkins 2.196 and earlier, LTS 2.176.3 and earlier did not escape the SCM tag name on the tooltip for SCM tag actions, resulting in a stored XSS vulnerability exploitable by users able to control SCM tag names for these actions.
|
02-11-2023 - 21:06 | 25-09-2019 - 16:15 | |
| CVE-2019-10401 | 3.5 |
In Jenkins 2.196 and earlier, LTS 2.176.3 and earlier, the f:expandableTextBox form control interpreted its content as HTML when expanded, resulting in a stored XSS vulnerability exploitable by users with permission to define its contents (typically
|
02-11-2023 - 21:06 | 25-09-2019 - 16:15 | |
| CVE-2020-11023 | 4.3 |
In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may ex
|
31-08-2023 - 03:15 | 29-04-2020 - 21:15 | |
| CVE-2020-11022 | 4.3 |
In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This prob
|
31-08-2023 - 03:15 | 29-04-2020 - 22:15 | |
| CVE-2019-11840 | 4.3 |
An issue was discovered in supplementary Go cryptography libraries, aka golang-googlecode-go-crypto, before 2019-03-20. A flaw was found in the amd64 implementation of golang.org/x/crypto/salsa20 and golang.org/x/crypto/salsa20/salsa. If more than 25
|
17-06-2023 - 00:15 | 09-05-2019 - 16:29 | |
| CVE-2019-10086 | 7.5 |
In Apache Commons Beanutils 1.9.2, a special BeanIntrospector class was added which allows suppressing the ability for an attacker to access the classloader via the class property available on all Java objects. We, however were not using this by defa
|
25-07-2022 - 18:15 | 20-08-2019 - 21:15 | |
| CVE-2019-17195 | 6.8 |
Connect2id Nimbus JOSE+JWT before v7.9 can throw various uncaught exceptions while parsing a JWT, which could result in an application crash (potential information disclosure) or a potential authentication bypass.
|
07-06-2022 - 18:40 | 15-10-2019 - 14:15 | |
| CVE-2019-8331 | 4.3 |
In Bootstrap before 3.4.1 and 4.3.x before 4.3.1, XSS is possible in the tooltip or popover data-template attribute.
|
16-05-2022 - 19:52 | 20-02-2019 - 16:29 | |
| CVE-2020-7598 | 6.8 |
minimist before 1.2.2 could be tricked into adding or modifying properties of Object.prototype using a "constructor" or "__proto__" payload.
|
22-04-2022 - 19:02 | 11-03-2020 - 23:15 | |
| CVE-2017-18635 | 4.3 |
An XSS vulnerability was discovered in noVNC before 0.6.2 in which the remote VNC server could inject arbitrary HTML into the noVNC web page via the messages propagated to the status field, such as the VNC server name.
|
06-04-2022 - 17:54 | 25-09-2019 - 23:15 | |
| CVE-2020-11023 | 4.3 |
In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may ex
|
01-10-2020 - 00:15 | 29-04-2020 - 21:15 | |
| CVE-2020-11022 | 4.3 |
In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This prob
|
25-09-2020 - 20:15 | 29-04-2020 - 22:15 | |
| CVE-2020-10775 | 2.6 |
An Open redirect vulnerability was found in ovirt-engine versions 4.4 and earlier, where it allows remote attackers to redirect users to arbitrary web sites and attempt phishing attacks. Once the target has opened the malicious URL in their browser,
|
04-09-2020 - 14:57 | 24-08-2020 - 17:15 | |
| CVE-2019-19336 | 4.3 |
A cross-site scripting vulnerability was reported in the oVirt-engine's OAuth authorization endpoint before version 4.3.8. URL parameters were included in the HTML response without escaping. This flaw would allow an attacker to craft malicious HTML p
|
23-03-2020 - 16:44 | 19-03-2020 - 14:15 |