
797 matches found

OSV
added 2019/01/15 10:29 p.m. | 1 views

CVE-2018-7603

In Drupal's 3rd party module search auto complete prior to versions 7.x-4.8 there is a Cross Site Scripting vulnerability. This Search Autocomplete module enables you to autocomplete textfield using data from your website nodes, comments, etc.. The module doesn't sufficiently filter user-entered...

6.1 CVSS | 5.8 AI score | 0.00266 EPSS
Exploits 0 | References 1
NVD
added 2019/01/15 10:29 p.m. | 22 views

CVE-2018-7603

In Drupal's 3rd party module search auto complete prior to versions 7.x-4.8 there is a Cross Site Scripting vulnerability. This Search Autocomplete module enables you to autocomplete textfield using data from your website nodes, comments, etc.. The module doesn't sufficiently filter user-entered...

6.1 CVSS | 6 AI score | 0.00266 EPSS
Exploits 0 | References 1
Cvelist
added 2019/01/15 10:0 p.m. | 17 views

CVE-2018-7603 Search Autocomplete

In Drupal's 3rd party module search auto complete prior to versions 7.x-4.8 there is a Cross Site Scripting vulnerability. This Search Autocomplete module enables you to autocomplete textfield using data from your website nodes, comments, etc.. The module doesn't sufficiently filter user-entered...

6 AI score | 0.00266 EPSS
Exploits 0 | References 1
Hacker One
added 2019/01/13 6:5 p.m. | 45 views

Nextcloud: Stored XSS/HTML injection in autocomplete suggestions for sharing

encrypted report, see attached GnuPG file. I tried to send this by mail, but [email protected] told me that I'm forced sic! to signup here. Please use 7F40 5A4F FAA3 F51B FEFD EE2F CE82 B2C8 6DCE BB9F to contact me. Impact encrypted report, see attached GnuPG file...

0.8 AI score
Exploits 0
OPENSUSE Linux
added 2018/12/07 12:19 p.m. | 40 views

Security update for nextcloud (moderate)

This update for nextcloud fixes security issues and bugs. Security issues fixed: - CVE-2018-3780: Stored XSS in autocomplete suggestions for file comments boo1114817 This update also contains all bug fixes and improvements in the 13.0.8 version, including: - Password expiration time changed from...

3.5 CVSS | 2.3 AI score | 0.00543 EPSS
Exploits 0 | References 1
OSV
added 2018/10/29 12:29 p.m. | 3 views

CVE-2018-18717

An issue was discovered in Eleanor CMS through 2015-03-19. XSS exists via the ajax.php?direct=admin&file=autocomplete&query=XSS URI...

4.8 CVSS | 5.8 AI score | 0.00235 EPSS
Exploits 1 | References 1
FreeBSD
added 2018/10/29 12:0 a.m. | 510 views

Gitlab -- multiple vulnerabilities

Gitlab reports: RCE in Gitlab Wiki API SSRF in Hipchat integration Cleartext storage of personal access tokens Information exposure through stack trace error message Persistent XSS autocomplete Information exposure in stored browser history Information exposure when replying to issues through ema...

9.8 CVSS | 0.7 AI score | 0.54969 EPSS
Exploits 7 | References 1
Drupal
added 2018/10/17 12:0 a.m. | 22 views

Search Autocomplete - Moderately critical - Cross Site Scripting - SA-CONTRIB-2018-070

This Search Autocomplete module enables you to autocomplete textfield using data from your website nodes, comments, etc... The module doesn't sufficiently filter user-entered text among the autocompletion items leading to a Cross Site Scripting XSS vulnerability. This vulnerability can be exploit...

6.1 CVSS | 5.9 AI score | 0.00266 EPSS
Exploits 0 | References 6
RedHat Linux
added 2018/10/16 5:38 p.m. | 0 views

6: XSS in discovery rule filter autocomplete functionality

Red Hat Satellite before 6.5 is vulnerable to a XSS in discovery rule when you are entering filter and you use autocomplete functionality...

5.4 CVSS | 5.8 AI score | 0.00473 EPSS
Exploits 1 | References 4
Prion
added 2018/08/13 7:29 p.m. | 18 views

Cross site scripting

A missing sanitization of search results for an autocomplete field in NextCloud Server 13.0.5 could lead to a stored XSS requiring user-interaction. The missing sanitization only affected user names, hence malicious search results could only be crafted by authenticated users...

3.5 CVSS | 5 AI score | 0.00543 EPSS
Exploits 0 | References 2 | Affected Software 1
OSV
added 2018/08/13 7:29 p.m. | 14 views

CVE-2018-3780

A missing sanitization of search results for an autocomplete field in NextCloud Server 13.0.5 could lead to a stored XSS requiring user-interaction. The missing sanitization only affected user names, hence malicious search results could only be crafted by authenticated users...

5.4 CVSS | 5.4 AI score
Exploits 0 | References 2
Cvelist
added 2018/08/13 7:0 p.m. | 29 views

CVE-2018-3781

A missing sanitization of search results for an autocomplete field in NextCloud Talk 3.2.5 could lead to a stored XSS requiring user-interaction. The missing sanitization only affected user names, hence malicious search results could only be crafted by authenticated users...

6.1 AI score | 0.0039 EPSS
Exploits 0 | References 2
Cvelist
added 2018/08/13 7:0 p.m. | 19 views

CVE-2018-3780

A missing sanitization of search results for an autocomplete field in NextCloud Server 13.0.5 could lead to a stored XSS requiring user-interaction. The missing sanitization only affected user names, hence malicious search results could only be crafted by authenticated users...

5 AI score | 0.00543 EPSS
Exploits 0 | References 2
Nextcloud
added 2018/08/10 12:0 a.m. | 22 views

Stored XSS in autocomplete suggestions for chat @-mentions (NC-SA-2018-009)

A missing sanitization of search results for an autocomplete field could lead to a stored XSS requiring user-interaction. The missing sanitization only affected user names, hence malicious search results could only be crafted by authenticated users...

3.5 CVSS | 2.6 AI score | 0.0039 EPSS
Exploits 0 | Affected Software 1
Nextcloud
added 2018/08/10 12:0 a.m. | 23 views

Stored XSS in autocomplete suggestions for file comments (NC-SA-2018-008)

A missing sanitization of search results for an autocomplete field could lead to a stored XSS requiring user-interaction. The missing sanitization only affected user names, hence malicious search results could only be crafted by authenticated users...

3.5 CVSS | 3 AI score | 0.00543 EPSS
Exploits 0 | Affected Software 1
NVD
added 2018/07/26 5:29 p.m. | 19 views

CVE-2017-12175

Red Hat Satellite before 6.5 is vulnerable to a XSS in discovery rule when you are entering filter and you use autocomplete functionality...

5.4 CVSS | 4.4 AI score | 0.00473 EPSS
Exploits 1 | References 4
OSV
added 2018/07/26 5:29 p.m. | 2 views

CVE-2017-12175

Red Hat Satellite before 6.5 is vulnerable to a XSS in discovery rule when you are entering filter and you use autocomplete functionality...

5.4 CVSS | 5.8 AI score | 0.00473 EPSS
Exploits 1 | References 4
Prion
added 2018/07/26 5:29 p.m. | 18 views

Design/Logic Flaw

Red Hat Satellite before 6.5 is vulnerable to a XSS in discovery rule when you are entering filter and you use autocomplete functionality...

3.5 CVSS | 6.2 AI score | 0.00473 EPSS
Exploits 1 | References 4 | Affected Software 1
Cvelist
added 2018/07/26 5:0 p.m. | 21 views

CVE-2017-12175

Red Hat Satellite before 6.5 is vulnerable to a XSS in discovery rule when you are entering filter and you use autocomplete functionality...

3.5 CVSS | 6.3 AI score | 0.00473 EPSS
Exploits 1 | References 4
Positive Technologies
added 2018/07/26 12:0 a.m. | 3 views

PT-2018-5379 · Red Hat · Red Hat Satellite

Name of the Vulnerable Software and Affected Versions: Red Hat Satellite versions prior to 6.5 Description: The issue is related to a XSS when using the autocomplete functionality while entering a filter in the discovery rule. Recommendations: For versions prior to 6.5, update to version 6.5 or...

5.4 CVSS | 4.6 AI score | 0.00473 EPSS
Exploits 1 | References 5