797 matches found
CVE-2019-12932
A stored XSS vulnerability was found in SeedDMS 5.1.11 due to poorly escaping the search result in the autocomplete search form placed in the header of out/out.Viewfolder.php...
CVE-2019-12932
SeedDMS 5.1.11 is affected by a stored XSS weakness originating from insufficient escaping of the autocomplete search results in the header’s out/out.Viewfolder.php. The vulnerability allows injection of malicious scripts via the search autocomplete field, with the issue surface described consist...
GHSA-CRFX-5PHG-HMW9 Cross-Site Scripting in ids-enterprise
Versions of ids-enterprise prior to 4.18.2 are vulnerable to Cross-Site Scripting (XSS). Script tags in the soho-autocomplete component are not properly encoded and may allow attackers to execute arbitrary JavaScript. Recommendation: Upgrade to version 4.18.2 or later...
Cross-Site Scripting in ids-enterprise
Versions of ids-enterprise prior to 4.18.2 are vulnerable to Cross-Site Scripting (XSS). Script tags in the soho-autocomplete component are not properly encoded and may allow attackers to execute arbitrary JavaScript. Recommendation: Upgrade to version 4.18.2 or later...
Cross-Site Scripting
Overview: Versions of ids-enterprise prior to 4.18.2 are vulnerable to Cross-Site Scripting (XSS). Script tags in the soho-autocomplete component are not properly encoded and may allow attackers to execute arbitrary JavaScript. Recommendation: Upgrade to version 4.18.2 or later. References - GitHub...
Cross-site Scripting (XSS)
Red Hat Satellite is vulnerable to cross-site scripting attacks. A remote authenticated attacker could exploit the Discovery Rule component when a filter is entered via the autocomplete functionality, resulting in XSS...
CVE-2019-8350
The Simple - Better Banking application 2.45.0 through 2.45.3 (fixed in 2.46.0) for Android was affected by an information disclosure vulnerability that leaked the user's password to the keyboard autocomplete functionality. Third-party Android keyboards that capture the password may store this...
Information disclosure
The Simple - Better Banking application 2.45.0 through 2.45.3 (fixed in 2.46.0) for Android was affected by an information disclosure vulnerability that leaked the user's password to the keyboard autocomplete functionality. Third-party Android keyboards that capture the password may store this...
Materialize-css vulnerable to Cross-site Scripting in autocomplete component
All versions of materialize-css are vulnerable to Cross-Site Scripting. The autocomplete component does not sufficiently sanitize user input, allowing an attacker to execute arbitrary JavaScript code if the malicious input is rendered by a user. Recommendation: No fix is currently available...
GHSA-7752-F4GF-94GC Materialize-css vulnerable to Cross-site Scripting in autocomplete component
All versions of materialize-css are vulnerable to Cross-Site Scripting. The autocomplete component does not sufficiently sanitize user input, allowing an attacker to execute arbitrary JavaScript code if the malicious input is rendered by a user. Recommendation: No fix is currently available...
Cross-site Scripting (XSS)
materialize is vulnerable to cross-site scripting (XSS) attacks. A remote attacker is able to inject arbitrary JavaScript into a victim’s browser via the Autocomplete feature...
Security feature bypass
In Materialize through 1.0.0, XSS is possible via the Autocomplete feature...
CVE-2019-11003
In Materialize through 1.0.0, XSS is possible via the Autocomplete feature...
CVE-2019-11003
Materialize up to version 1.0.0 is susceptible to Cross-Site Scripting via the Autocomplete feature. The root cause is insufficient sanitization of user input in the Autocomplete component, enabling arbitrary JavaScript execution when rendered. Affected: Materialize (frontend framework) using the...
Cross site scripting
In Drupal's third-party Search Autocomplete module prior to version 7.x-4.8, there is a Cross Site Scripting vulnerability. This Search Autocomplete module enables you to autocomplete a textfield using data from your website (nodes, comments, etc.). The module doesn't sufficiently filter user-entered...