Sql injection
The WP AutoComplete Search WordPress plugin through 1.0.4 does not sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to an unauthenticated SQL injection...
CVE-2022-4297
CVE-2022-4297 affects the WP AutoComplete Search WordPress plugin (v1.0.4 and earlier). The root cause is failure to sanitize/escape a parameter used in an SQL statement inside an unauthenticated AJAX endpoint (q parameter), enabling unauthenticated SQL injection with high impact. Public exploit ...
CVE-2022-4297 WP AutoComplete Search <= 1.0.4 - Unauthenticated SQLi
The WP AutoComplete Search WordPress plugin through 1.0.4 does not sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to an unauthenticated SQL injection...
PT-2023-14165 · WordPress · Wp Autocomplete Search
Name of the Vulnerable Software and Affected Versions: WP AutoComplete Search WordPress plugin versions 1.0.4 and earlier Description: The issue arises from the plugin's failure to sanitise and escape a parameter before using it in a SQL statement via an AJAX endpoint available to unauthenticated...
WordPress plugin WP AutoComplete Search SQL injection vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blogging platform developed in PHP; it supports setting up personal blog sites on servers with PHP and MySQL. A WordPress plugin is an application extension for the platform. A SQL injection vulnerabili...
WP AutoComplete Search <= 1.0.4 - Unauthenticated SQLi
The plugin does not sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to an unauthenticated SQL injection. Extract the nonce from the index page: search for "wpautosearchconfig" and look for the "nonce" field. Invoke the following...
hunter2 security vulnerability
hunter2 is an open source platform for creating and running online or event-based puzzle hunts. A security vulnerability exists in hunter2 versions prior to 2.1.0 that stems from improper handling of auto-complete input and allows an authenticated attacker to extract the email addresses of...
Security Bulletin: IBM Maximo Asset Management could allow a local attacker to obtain information due to the autocomplete feature on password input fields (CVE-2015-1933)
Summary The autocomplete attribute of the password field on the Maximo Asset Management Login page is not set to false. This vulnerability could allow a local attacker to obtain account access. The vulnerability affects Maximo Asset Management, Maximo Asset Management Essentials, Maximo Industry...
Malicious Package
Overview autocomplete-ui is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this package w...
CVE-2021-39045
IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 could allow a local attacker to obtain information due to the autocomplete feature on password input fields. IBM X-Force ID: 214345...
Design/Logic Flaw
IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 could allow a local attacker to obtain information due to the autocomplete feature on password input fields. IBM X-Force ID: 214345...
PT-2022-10863 · Ibm · Ibm Cognos Analytics
Name of the Vulnerable Software and Affected Versions: IBM Cognos Analytics versions 11.1.7 through 11.2.1 Description: The issue allows a local attacker to obtain information due to the autocomplete feature on password input fields. Recommendations: For versions 11.1.7 through 11.2.1, consider...
Cross-site scripting from dynamic options in the multiselect field
Introduction Cross-site scripting (XSS) is a type of vulnerability that allows an attacker to execute arbitrary JavaScript code inside the Panel session of the same or other users. In the Panel, a harmful script can for example trigger requests to Kirby's API with the permissions of the victim. Such...
Malicious code in niquirer-autocomplete-prompt (npm)
Source: ghsa-malware 3e274a1bc8a7ad76ed1a5d7c179409ecd0591278b53475e2a3426398d242be2b. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-4856 Malicious code in niquirer-autocomplete-prompt (npm)
Source: ghsa-malware 3e274a1bc8a7ad76ed1a5d7c179409ecd0591278b53475e2a3426398d242be2b. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
GHSA-C558-5GFM-P2R8 JSPUI spellcheck and autocomplete tools vulnerable to Cross Site Scripting
Impact The JSPUI spellcheck "Did you mean" HTML escapes the data-spell attribute in the link, but not the actual displayed text. Similarly, the JSPUI autocomplete HTML does not properly escape text passed to it. Both are vulnerable to XSS. This vulnerability only impacts the JSPUI. This...
Cross-site Scripting (XSS)
dspace-jspui is vulnerable to cross-site scripting. The vulnerability exists because discovery.jsp does not properly escape the data-spell attribute text and the autocomplete text before they are rendered on the page, allowing an attacker to inject and execute malicious JavaScript...
CVE-2022-31191 Cross Site Scripting possible in DSpace JSPUI spellcheck and autocomplete tools
DSpace open source software is a repository application which provides durable access to digital resources. dspace-jspui is a UI component for DSpace. The JSPUI spellcheck "Did you mean" HTML escapes the data-spell attribute in the link, but not the actual displayed text. Similarly, the JSPUI...