Total
37424 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-2493 | 1 Qnap | 1 Multimedia Console | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| This cross-site scripting vulnerability in Multimedia Console allows remote attackers to inject malicious code. QANP have already fixed this vulnerability in Multimedia Console 1.1.5 and later. | |||||
| CVE-2020-2491 | 1 Qnap | 2 Photo Station, Qts | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| This cross-site scripting vulnerability in Photo Station allows remote attackers to inject malicious code. QANP We have already fixed this vulnerability in the following versions of Photo Station. QTS 4.5.1: Photo Station 6.0.12 and later QTS 4.4.3: Photo Station 6.0.12 and later QTS 4.3.6: Photo Station 5.7.12 and later QTS 4.3.4: Photo Station 5.7.13 and later QTS 4.3.3: Photo Station 5.4.10 and later QTS 4.2.6: Photo Station 5.2.11 and later | |||||
| CVE-2020-2317 | 1 Jenkins | 1 Findbugs | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Jenkins FindBugs Plugin 5.0.0 and earlier does not escape the annotation message in tooltips, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to provide report files to Jenkins FindBugs Plugin's post build step. | |||||
| CVE-2020-2316 | 1 Jenkins | 1 Static Analysis Utilities | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Jenkins Static Analysis Utilities Plugin 1.96 and earlier does not escape the annotation message in tooltips, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission. | |||||
| CVE-2020-2292 | 1 Jenkins | 1 Release | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Jenkins Release Plugin 2.10.2 and earlier does not escape the release version in badge tooltip, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Release/Release permission. | |||||
| CVE-2020-2290 | 1 Jenkins | 1 Active Choices | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Jenkins Active Choices Plugin 2.4 and earlier does not escape some return values of sandboxed scripts for Reactive Reference Parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission. | |||||
| CVE-2020-2289 | 1 Jenkins | 1 Active Choices | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Jenkins Active Choices Plugin 2.4 and earlier does not escape the name and description of build parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission. | |||||
| CVE-2020-2283 | 1 Jenkins | 1 Liquibase Runner | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Jenkins Liquibase Runner Plugin 1.4.5 and earlier does not escape changeset contents, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by users able to control changeset files evaluated by the plugin. | |||||
| CVE-2020-2271 | 1 Jenkins | 1 Locked Files Report | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Jenkins Locked Files Report Plugin 1.6 and earlier does not escape locked files' names in tooltips, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission. | |||||
| CVE-2020-2270 | 1 Jenkins | 1 Clearcase Release | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Jenkins ClearCase Release Plugin 0.3 and earlier does not escape the composite baseline in badge tooltip, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission. | |||||
| CVE-2020-2269 | 1 Jenkins | 1 Chosen-views-tabbar | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Jenkins chosen-views-tabbar Plugin 1.2 and earlier does not escape view names in the dropdown to select views, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with the ability to configure views. | |||||
| CVE-2020-2266 | 1 Jenkins | 1 Description Column | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Jenkins Description Column Plugin 1.3 and earlier does not escape the job description in the column tooltip, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission. | |||||
| CVE-2020-2265 | 1 Jenkins | 1 Coverage\/complexity Scatter Plot | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Jenkins Coverage/Complexity Scatter Plot Plugin 1.1.1 and earlier does not escape the method information in tooltips, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to provide report files to the plugin's post-build step. | |||||
| CVE-2020-2264 | 1 Jenkins | 1 Custom Job Icon | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Jenkins Custom Job Icon Plugin 0.2 and earlier does not escape the job descriptions in tooltips, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission. | |||||
| CVE-2020-2263 | 1 Jenkins | 1 Radiator View | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Jenkins Radiator View Plugin 1.29 and earlier does not escape the full name of the jobs in tooltips, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission. | |||||
| CVE-2020-2262 | 1 Jenkins | 1 Android Lint | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Jenkins Android Lint Plugin 2.6 and earlier does not escape the annotation message in tooltips, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to provide report files to the plugin's post-build step. | |||||
| CVE-2020-2259 | 1 Jenkins | 1 Computer Queue | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Jenkins computer-queue-plugin Plugin 1.5 and earlier does not escape the agent name in tooltips, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Agent/Configure permission. | |||||
| CVE-2020-2257 | 1 Jenkins | 1 Validating String Parameter | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Jenkins Validating String Parameter Plugin 2.4 and earlier does not escape various user-controlled fields, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission. | |||||
| CVE-2020-2256 | 1 Jenkins | 1 Pipeline Maven Integration | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Jenkins Pipeline Maven Integration Plugin 3.9.2 and earlier does not escape the upstream job's display name shown as part of a build cause, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission. | |||||
| CVE-2020-2248 | 1 Jenkins | 1 Jsgames | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Jenkins JSGames Plugin 0.2 and earlier evaluates part of a URL as code, resulting in a reflected cross-site scripting (XSS) vulnerability. | |||||