393 matches found
WordPress WP-Advanced-Search <= 3.3.9 - SQL Injection
The WordPress WP-Advanced-Search plugin for WordPress is vulnerable to SQL Injection in all versions up to, and including, 3.3.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated...
CVE-2026-13253
The Ultimate Post plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'moreResultsText' block attribute of the ultimate-post/advanced-search block in versions up to and including 5.0.31. This is due to insufficient input sanitization and output escaping in the...
EUVD-2026-42520
The Ultimate Post plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'moreResultsText' block attribute of the ultimate-post/advanced-search block in versions up to and including 5.0.31. This is due to insufficient input sanitization and output escaping in the...
CVE-2026-13253 Post Grid Gutenberg Blocks for News, Magazines, Blog Websites <= 5.0.31 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'moreResultsText' Block Attribute
The Ultimate Post plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'moreResultsText' block attribute of the ultimate-post/advanced-search block in versions up to and including 5.0.31. This is due to insufficient input sanitization and output escaping in the...
CVE-2026-50235
Lyrion Music Server 9.2.0 contains a reflected cross-site scripting vulnerability in advanced search parameters that fail to properly sanitize user input before displaying it in search forms. Attackers can inject malicious scripts through unfiltered search parameters to execute arbitrary JavaScri...
CVE-2026-30139
A reflected cross-site scripting XSS vulnerability in the AdvancedSearch functionality of Silverpeas Core before version 6.4.6 allows attackers to execute arbitrary JavaScript in the context of a user's browser via crafted input...
CVE-2026-50235
Affected software: Lyrion Music Server 9.2.0. Vulnerability: reflected XSS in advanced search parameters that fail to sanitize user input before displaying it in search forms. Impact: can execute arbitrary JavaScript in users’ browsers and potentially steal session information. Exploitation/Detai...
CVE-2026-50235 Lyrion Music Server 9.2.0 Reflected XSS via search Parameters
Lyrion Music Server 9.2.0 contains a reflected cross-site scripting vulnerability in advanced search parameters that fail to properly sanitize user input before displaying it in search forms. Attackers can inject malicious scripts through unfiltered search parameters to execute arbitrary JavaScri...
CVE-2026-50235 Lyrion Music Server 9.2.0 Reflected XSS via search Parameters
Lyrion Music Server 9.2.0 contains a reflected cross-site scripting vulnerability in advanced search parameters that fail to properly sanitize user input before displaying it in search forms. Attackers can inject malicious scripts through unfiltered search parameters to execute arbitrary JavaScri...
EUVD-2026-34834
Lyrion Music Server 9.2.0 contains a reflected cross-site scripting vulnerability in advanced search parameters that fail to properly sanitize user input before displaying it in search forms. Attackers can inject malicious scripts through unfiltered search parameters to execute arbitrary JavaScri...
PT-2026-46954
Lyrion Music Server 9.2.0 contains a reflected cross-site scripting vulnerability in advanced search parameters that fail to properly sanitize user input before displaying it in search forms. Attackers can inject malicious scripts through unfiltered search parameters to execute arbitrary JavaScri...
📄 Lyrion Music Server 9.2.0 search Cross Site Scripting
Lyrion Music Server version 9.2.0 has advanced search parameters that are stuffed back into the page so the form keeps its values. Several free-text fields do not apply filtering, resulting in reflected cross site scripting. Lyrion Music Server 9.2.0 search. Multiple Script Insertions Vendor: LMS...
Lyrion Music Server 9.2.0 (search.*) Multiple Script Insertions
Summary Lyrion Music Server formerly Logitech Media Server, and often abbreviated as "LMS" is open-source software which can control and serve stream music to a wide range of physical and virtual audio players called Squeezeboxes. Lyrion Music Server can stream your local music collection, intern...
Silverpeas Core has a reflected cross-site scripting vulnerability
A reflected cross-site scripting XSS vulnerability in the AdvancedSearch functionality of Silverpeas Core allows attackers to execute arbitrary JavaScript in the context of a user's browser via crafted input...
CVE-2026-30139
A reflected cross-site scripting XSS vulnerability in the AdvancedSearch functionality of Silverpeas Core before version 6.4.6 allows attackers to execute arbitrary JavaScript in the context of a user's browser via crafted input...
CVE-2026-30139
A reflected cross-site scripting XSS vulnerability in the AdvancedSearch functionality of Silverpeas Core before version 6.4.6 allows attackers to execute arbitrary JavaScript in the context of a user's browser via crafted input...
Silverpeas Core 跨站脚本漏洞
Silverpeas Core is an open-source project developed by Silverpeas, used for building and running collaborative and social web portals. Versions of Silverpeas Core prior to 6.4.6 contained a cross-site scripting vulnerability. This vulnerability stemmed from the AdvancedSearch feature having...
CVE-2026-39342
ChurchCRM is an open-source church management system. Prior to 7.1.0, the searchwhat parameter via QueryView.php with the QueryID=15 is vulnerable to a SQL injection. The authenticated user requires access to Data/Reports Query Menu and access to the "Advanced Search" query. This vulnerability is...
CVE-2026-39342
ChurchCRM is an open-source church management system. Prior to 7.1.0, the searchwhat parameter via QueryView.php with the QueryID=15 is vulnerable to a SQL injection. The authenticated user requires access to Data/Reports Query Menu and access to the "Advanced Search" query. This vulnerability is...
CVE-2026-39342 ChurchCRM has a SQL injection searchwhat parameter via QueryView.php
ChurchCRM is an open-source church management system. Prior to 7.1.0, the searchwhat parameter via QueryView.php with the QueryID=15 is vulnerable to a SQL injection. The authenticated user requires access to Data/Reports Query Menu and access to the "Advanced Search" query. This vulnerability is...