797 matches found
Linkit - Moderately Critical - Access Bypass - DRUPAL-SA-CONTRIB-2017-033
Linkit provides an easy interface for internal and external linking with WYSIWYG editors by using an autocomplete field. When searching for entities, this module doesn't always enforce the access restrictions and users may see information about entities they should not be able to access. This is...
CVE-2017-5866
The autocomplete feature in the E-Mail share dialog in ownCloud Server before 8.1.11, 8.2.x before 8.2.9, 9.0.x before 9.0.7, and 9.1.x before 9.1.3 allows remote authenticated users to obtain sensitive information via unspecified vectors...
CVE-2017-2609
Jenkins before versions 2.44 and 2.32.2 is vulnerable to an information disclosure vulnerability in search suggestions (SECURITY-385). The autocomplete feature on the search box discloses the names of the views in its suggestions, including the ones to which the current user does not have access...
Information disclosure in email field dialog at sharing - ownCloud
An attacker can get sensitive information in the E-Mail share dialog with the autocompletion by default. Affected Software: ownCloud Server 9.1.3, CVE-2017-5866, core/c27b2b935f940a2c8e2fc1a5d8934407ae85dd57; ownCloud Server 9.0.7, CVE-2017-5866, core/62b1865a301a1ce90f9a3c773f5eb00c33deb581; ownCloud...
Drupal Autocomplete Deluxe Module Cross-Site Scripting Vulnerability
Drupal is a free, open source content management system developed in PHP and maintained by the Drupal community. Autocomplete Deluxe is a module that creates a new widget for taxonomy fields, based on JQuery UI autocomplete. A cross-site scripting vulnerability...
Autocomplete Deluxe - Moderately Critical - Cross Site Scripting (XSS) - SA-CONTRIB-2017-003
This module creates a new widget for taxonomy fields based on JQuery UI autocomplete. The module doesn't sufficiently escape the entered taxonomy terms thereby exposing a Cross Site Scripting (XSS) vulnerability. This vulnerability is mitigated by the fact that an attacker must have the permission ...
auto.etnet.com.hk XSS vulnerability
Vulnerable URL: http://auto.etnet.com.hk/AutoComplete/AutoComplete?lang=TC=prompt/OPENBUGBOUNTY/...
Drupal Fast Autocomplete Module Remote Denial of Service Vulnerability
Drupal is a free, open source content management system developed in PHP and maintained by the Drupal community. Fast Autocomplete is one of the modules used to quickly create configurable view patterns. A remote denial of service vulnerability exists in version 7.x-1.x of the Drupal Fast...
Uber: Cross-site Scripting (XSS) autocomplete generation in https://www.uber.com/
Description: The website located at https://www.uber.com/ suffers from a generated Cross-site Scripting (XSS) vulnerability in the "find a city" input field. Reproduction Steps: (1) Open the latest Chrome web browser. (2) Navigate to the following URL's "find a city" input field: https://www.uber.com/ (3) Type ...
Fast Autocomplete - Critical - DOS vulnerability - SA-CONTRIB-2016-016
This module enables you to show IMDB-like suggestions when entering terms into an input field using json files to "cache" suggestions making the autocomplete very fast. The module doesn't sufficiently validate the incoming language parameter in the request path when a json file of the module is...
Design/Logic Flaw
eWON devices with firmware before 10.1s0 do not have an off autocomplete attribute for a password field, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation...
CVE-2015-6752
Cross-site scripting (XSS) vulnerability in the Search API Autocomplete module 7.x-1.x before 7.x-1.3 for Drupal, when the search index is configured to use the HTML filter processor, allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via unspecified...
CVE-2015-6752
Summary: CVE-2015-6752 is a cross-site scripting (XSS) vulnerability in Drupal’s Search API Autocomplete module (7.x-1.x, prior to 7.x-1.3). The issue arises when the search index uses the HTML filter processor, allowing remote authenticated users with certain permissions to inject arbitrary web ...
CVE-2015-6658
Cross-site scripting (XSS) vulnerability in the Autocomplete system in Drupal 6.x before 6.37 and 7.x before 7.39 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, related to uploading files...
UBUNTU-CVE-2015-6658
Cross-site scripting (XSS) vulnerability in the Autocomplete system in Drupal 6.x before 6.37 and 7.x before 7.39 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, related to uploading files...
Cross site scripting
Cross-site scripting (XSS) vulnerability in the Autocomplete system in Drupal 6.x before 6.37 and 7.x before 7.39 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, related to uploading files...
CVE-2015-6658
Removed by vendor...