14 matches found
CVE-2019-12932
A stored XSS vulnerability was found in SeedDMS 5.1.11 due to poorly escaping the search result in the autocomplete search form placed in the header of out/out.Viewfolder.php...
EUVD-2019-4509
Malware in sbrugna...
CVE-2022-4297
The WP AutoComplete Search WordPress plugin through 1.0.4 does not sanitise and escape a parameter before using it in a SQL statement via an AJAX available to unauthenticated users, leading to an unauthenticated SQL injection...
CVE-2022-4297
The WP AutoComplete Search WordPress plugin through 1.0.4 does not sanitise and escape a parameter before using it in a SQL statement via an AJAX available to unauthenticated users, leading to an unauthenticated SQL injection...
SQL injection
The WP AutoComplete Search WordPress plugin through 1.0.4 does not sanitise and escape a parameter before using it in a SQL statement via an AJAX available to unauthenticated users, leading to an unauthenticated SQL injection...
CVE-2022-4297
CVE-2022-4297 affects the WP AutoComplete Search WordPress plugin (v1.0.4 and earlier). The root cause is failure to sanitize/escape a parameter used in an SQL statement inside an unauthenticated AJAX endpoint (q parameter), enabling unauthenticated SQL injection with high impact. Public exploit ...
CVE-2022-4297 WP AutoComplete Search <= 1.0.4 - Unauthenticated SQLi
The WP AutoComplete Search WordPress plugin through 1.0.4 does not sanitise and escape a parameter before using it in a SQL statement via an AJAX available to unauthenticated users, leading to an unauthenticated SQL injection...
PT-2023-14165 · WordPress · Wp Autocomplete Search
Name of the Vulnerable Software and Affected Versions: WP AutoComplete Search WordPress plugin versions 1.0.4 and earlier. Description: The issue arises from the plugin's failure to sanitise and escape a parameter before using it in a SQL statement via an AJAX endpoint available to unauthenticated...
WordPress plugin WP AutoComplete Search SQL injection vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A SQL injection vulnerabili...
CVE-2019-12932
A stored XSS vulnerability was found in SeedDMS 5.1.11 due to poorly escaping the search result in the autocomplete search form placed in the header of out/out.Viewfolder.php...
CVE-2019-12932
A stored XSS vulnerability was found in SeedDMS 5.1.11 due to poorly escaping the search result in the autocomplete search form placed in the header of out/out.Viewfolder.php...
CVE-2019-12932
SeedDMS 5.1.11 is affected by a stored XSS weakness originating from insufficient escaping of the autocomplete search results in the header’s out/out.Viewfolder.php. The vulnerability allows injection of malicious scripts via the search autocomplete field, with the issue surface described consist...
PT-2018-16182 · Nextcloud · Nextcloud Calendar
Name of the Vulnerable Software and Affected Versions: Nextcloud Calendar versions prior to 1.5.8; Nextcloud Calendar versions prior to 1.6.1. Description: A stored XSS issue exists due to missing sanitization of search results for an autocomplete field, requiring user interaction. This issue is...
CVE-2015-4375
The Chaos tool suite (ctools) module 7.x-1.x before 7.x-1.7 for Drupal allows remote attackers to obtain sensitive node titles via (1) an autocomplete search on custom entities without an access query tag or (2) leveraging knowledge of the ID of an entity...