CVE-2024-28276 |
Description: Sourcecodester School Task Manager 1.0 is vulnerable to Cross Site Scripting (XSS) via add-task.php?task_name=.
EPSS Score: 0.04%
February 14th, 2025 (5 months ago)
|
CVE-2024-28162 |
Description: In Jenkins Delphix Plugin 3.0.1 through 3.1.0 (both inclusive) a global option for administrators to enable or disable SSL/TLS certificate validation for Data Control Tower (DCT) connections fails to take effect until Jenkins is restarted when switching from disabled validation to enabled validation.
EPSS Score: 0.04%
February 14th, 2025 (5 months ago)
|
CVE-2024-28161 |
Description: In Jenkins Delphix Plugin 3.0.1, a global option for administrators to enable or disable SSL/TLS certificate validation for Data Control Tower (DCT) connections is disabled by default.
EPSS Score: 0.04%
February 14th, 2025 (5 months ago)
|
CVE-2024-28160 |
Description: Jenkins iceScrum Plugin 1.1.6 and earlier does not sanitize iceScrum project URLs on build views, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to configure jobs.
EPSS Score: 0.04%
February 14th, 2025 (5 months ago)
|
CVE-2024-28159 |
Description: A missing permission check in Jenkins Subversion Partial Release Manager Plugin 1.0.1 and earlier allows attackers with Item/Read permission to trigger a build.
EPSS Score: 0.04%
February 14th, 2025 (5 months ago)
|
CVE-2024-28158 |
Description: A cross-site request forgery (CSRF) vulnerability in Jenkins Subversion Partial Release Manager Plugin 1.0.1 and earlier allows attackers to trigger a build.
EPSS Score: 0.04%
February 14th, 2025 (5 months ago)
|
CVE-2024-28157 |
Description: Jenkins GitBucket Plugin 0.8 and earlier does not sanitize GitBucket URLs on build views, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to configure jobs.
EPSS Score: 0.04%
February 14th, 2025 (5 months ago)
|
CVE-2024-28156 |
Description: Jenkins Build Monitor View Plugin 1.14-860.vd06ef2568b_3f and earlier does not escape Build Monitor View names, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to configure Build Monitor Views.
EPSS Score: 0.05%
February 14th, 2025 (5 months ago)
|
CVE-2024-28155 |
Description: Jenkins AppSpider Plugin 1.0.16 and earlier does not perform permission checks in several HTTP endpoints, allowing attackers with Overall/Read permission to obtain information about available scan config names, engine group names, and client names.
EPSS Score: 0.05%
February 14th, 2025 (5 months ago)
|
CVE-2024-28154 |
Description: Jenkins MQ Notifier Plugin 1.4.0 and earlier logs potentially sensitive build parameters as part of debug information in build logs by default.
EPSS Score: 0.06%
February 14th, 2025 (5 months ago)
|