797 matches found

OSSF Malicious Packages
added 2023/11/18 6:19 p.m. · 3 views

Malicious code in autocomplete-core (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 9b3d22342c939ff5ef11bdb6b41a359ac46d2ba5e348d89c27cb5b66b5518f1e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 6.8
Exploits 0 · References 1

SUSE CVE
added 2023/10/31 2:53 a.m. · 2 views

SUSE CVE-2012-6662

Cross-site scripting (XSS) vulnerability in the default content option in jquery.ui.tooltip.js in the Tooltip widget in jQuery UI before 1.10.0 allows remote attackers to inject arbitrary web script or HTML via the title attribute, which is not properly handled in the autocomplete combo box demo...

CVSS 4.3 · AI score 6 · EPSS 0.07046
Exploits 0 · References 2

OSV
added 2023/10/18 1:15 p.m. · 2 views

CVE-2023-45072

Auth. admin+ Stored Cross-Site Scripting (XSS) vulnerability in Kardi Order auto complete for WooCommerce plugin = 1.2.0 versions...

CVSS 4.8 · AI score 7.3 · EPSS 0.00063
Exploits 0 · References 1

OSV
added 2023/10/16 9:15 a.m. · 1 views

CVE-2023-5421

An attacker who is logged into OTRS as a user with privileges to create and change customer user data may manipulate the CustomerID field to execute JavaScript code that runs immediately after the data is saved. The issue only occurs if the configuration for AdminCustomerUser::UseAutoComplete was...

CVSS 5.5 · AI score 5.9
Exploits 0 · References 1

OSV
added 2023/10/16 9:15 a.m. · 0 views

UBUNTU-CVE-2023-5421

An attacker who is logged into OTRS as a user with privileges to create and change customer user data may manipulate the CustomerID field to execute JavaScript code that runs immediately after the data is saved. The issue only occurs if the configuration for AdminCustomerUser::UseAutoComplete was...

CVSS 5.5 · AI score 5.9 · EPSS 0.00304
Exploits 0 · References 3

Positive Technologies
added 2023/10/16 12:0 a.m. · 4 views

PT-2023-32093 · Unknown +2 · Otrs Community Edition +2

Name of the Vulnerable Software and Affected Versions: OTRS versions 7.0.X through 7.0.46; OTRS versions 8.0.X through 8.0.36; OTRS Community Edition versions 6.0.X through 6.0.34. Description: An attacker who is logged into OTRS as a user with privileges to create and change customer user data may...

CVSS 9.8 · AI score 5.5 · EPSS 0.01079
Exploits 0 · References 30

Veracode
added 2023/09/13 8:46 a.m. · 15 views

Improper Input Validation

ux-autocomplete is vulnerable to Improper Input Validation. The vulnerability is due to a missing validation check while submitting an entry id for an EntityType when selecting an entry in the Autocomplete UI component. This causes an entity id for an EntityType that is not part of the valid...

CVSS 6.5 · AI score 6.7 · EPSS 0.01336
Exploits 0 · References 4 · Affected Software 1

NVD
added 2023/09/11 8:15 p.m. · 15 views

CVE-2023-41336

ux-autocomplete is a JavaScript Autocomplete functionality for Symfony. Under certain circumstances, an attacker could successfully submit an entity id for an EntityType that is not part of the valid choices. The problem has been fixed in symfony/ux-autocomplete version 2.11.2...

CVSS 6.5 · AI score 6.4 · EPSS 0.01336
Exploits 0 · References 4

Prion
added 2023/09/11 8:15 p.m. · 19 views

Code injection

ux-autocomplete is a JavaScript Autocomplete functionality for Symfony. Under certain circumstances, an attacker could successfully submit an entity id for an EntityType that is not part of the valid choices. The problem has been fixed in symfony/ux-autocomplete version 2.11.2...

CVSS 6.4 · AI score 6.4 · EPSS 0.01336
Exploits 0 · References 4 · Affected Software 1

CVE
added 2023/09/11 7:21 p.m. · 70 views

CVE-2023-41336

CVE-2023-41336 affects Symfony UX Autocomplete (ux-autocomplete). Under certain circumstances, an attacker could submit an entity ID for an EntityType that is not among valid choices. The issue has been fixed in version 2.11.2 of symfony/ux-autocomplete. Public sources (Red Hat, NVD, OSV, CVE lis...

CVSS 6.5 · AI score 6.3 · EPSS 0.01336
Exploits 0 · References 4 · Affected Software 1

Cvelist
added 2023/09/11 7:21 p.m. · 22 views

CVE-2023-41336 Prevent injection of invalid entity ids for "autocomplete" fields in symfony ux-autocomplete

ux-autocomplete is a JavaScript Autocomplete functionality for Symfony. Under certain circumstances, an attacker could successfully submit an entity id for an EntityType that is not part of the valid choices. The problem has been fixed in symfony/ux-autocomplete version 2.11.2...

CVSS 6.5 · AI score 6.6 · EPSS 0.01336
Exploits 0 · References 4

OSV
added 2023/09/11 7:21 p.m. · 22 views

CVE-2023-41336 Prevent injection of invalid entity ids for "autocomplete" fields in symfony ux-autocomplete

ux-autocomplete is a JavaScript Autocomplete functionality for Symfony. Under certain circumstances, an attacker could successfully submit an entity id for an EntityType that is not part of the valid choices. The problem has been fixed in symfony/ux-autocomplete version 2.11.2...

CVSS 6.5 · AI score 6.4 · EPSS 0.01336
Exploits 0 · References 6

Vulnrichment
added 2023/09/11 7:21 p.m. · 15 views

CVE-2023-41336 Prevent injection of invalid entity ids for "autocomplete" fields in symfony ux-autocomplete

ux-autocomplete is a JavaScript Autocomplete functionality for Symfony. Under certain circumstances, an attacker could successfully submit an entity id for an EntityType that is not part of the valid choices. The problem has been fixed in symfony/ux-autocomplete version 2.11.2...

CVSS 6.5 · AI score 6.6 · EPSS 0.01336
Exploits 0 · References 4

OSV
added 2023/09/11 2:43 p.m. · 30 views

GHSA-4CPV-669C-R79X Prevent injection of invalid entity ids for "autocomplete" fields

Impact: Under certain circumstances, an attacker could successfully submit an entity id for an EntityType that is not part of the valid choices. Affected applications are any that use: A custom querybuilder option to limit the valid results; AND An EntityType with 'autocomplete' = true or a custom...

CVSS 6.5 · AI score 6.3 · EPSS 0.01336
Exploits 0 · References 6

Github Security Blog
added 2023/09/11 2:43 p.m. · 21 views

Prevent injection of invalid entity ids for "autocomplete" fields

Impact: Under certain circumstances, an attacker could successfully submit an entity id for an EntityType that is not part of the valid choices. Affected applications are any that use: A custom querybuilder option to limit the valid results; AND An EntityType with 'autocomplete' = true or a custom...

CVSS 6.5 · AI score 6.7 · EPSS 0.01336
Exploits 0 · References 6 · Affected Software 1

Friends Of PHP
added 2023/09/11 12:55 p.m. · 24 views

symfony/ux-autocomplete Prevent injection of invalid entity ids for "autocomplete" fields

Impact: Under certain circumstances, an attacker could successfully submit an entity id for an EntityType that is not part of the valid choices. Affected applications are any that use: A custom querybuilder option to limit the valid results; AND An EntityType with 'autocomplete' = true or a custom...

CVSS 6.5 · AI score 6.3 · EPSS 0.01336
Exploits 0 · Affected Software 1

CNNVD
added 2023/09/11 12:0 a.m. · 2 views

Symfony UX Autocomplete Input Validation Error Vulnerability

Symfony UX Autocomplete is a Symfony open source JavaScript autocomplete feature for Symfony. An input validation error vulnerability exists in Symfony UX Autocomplete versions prior to 2.11.2. An attacker can exploit this vulnerability to successfully submit an invalid entity ID...

CVSS 6.5 · AI score 6.7 · EPSS 0.01336
Exploits 0 · References 5

Positive Technologies
added 2023/09/11 12:0 a.m. · 4 views

PT-2023-27912 · Symfony · Symfony/Ux-Autocomplete

Name of the Vulnerable Software and Affected Versions: symfony/ux-autocomplete versions prior to 2.11.2. Description: The issue allows an attacker to submit an entity id for an EntityType that is not part of the valid choices under certain circumstances. This can occur in applications that use a...

CVSS 6.5 · AI score 6.2 · EPSS 0.01336
Exploits 0 · References 12

Veracode
added 2023/08/06 9:17 p.m. · 16 views

Information Disclosure

gitlab is vulnerable to Information Disclosure. The vulnerability is due to autocomplete under certain conditions, which allows an attacker to view fields related to sensitive information...

CVSS 6.1 · AI score 6.7 · EPSS 0.00203
Exploits 1 · References 3 · Affected Software 1

CNNVD
added 2023/08/02 12:0 a.m. · 2 views

Open-Xchange AppSuite SQL Injection Vulnerability

Open-Xchange AppSuite is a set of Web cloud desktop environments from Open-Xchange Germany. The environment allows users to more intuitively manage email, tasks, files, and more. An SQL injection vulnerability exists in Open-Xchange AppSuite, which stems from an SQL injection vulnerability in the...

CVSS 9.8 · AI score 7.8 · EPSS 0.00062
Exploits 0 · References 7