114 matches found
mblog security vulnerability
mblog is a blogging system by the individual developer langhsu. A security vulnerability exists in mblog 3.5.0 and earlier versions: a cross-site scripting attack is possible through manipulation of the parameter kw in file/search...
Grub2: net: out-of-bounds write in grub_net_search_config_file()
...
CVE-2011-5156
Untrusted search path vulnerability in Effective File Search 6.7 allows local users to gain privileges via a Trojan horse ztvunrar36.dll file in the current working directory, as demonstrated by a directory that contains a .efs file. NOTE: the provenance of this information is unknown; the detail...
CVE-2025-23867
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in markcoker WordPress File Search wpfilesearch allows Reflected XSS. This issue affects WordPress File Search: from n/a through <= 1.2...
CVE-2025-23867 WordPress WordPress File Search Plugin <= 1.2 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in markcoker WordPress File Search wpfilesearch allows Reflected XSS. This issue affects WordPress File Search: from n/a through <= 1.2...
CVE-2025-23867
CVE-2025-23867: WordPress File Search is affected by a reflected XSS due to improper input neutralization during web page generation. The issue affects WordPress File Search plugin versions up to 1.2 (exact vulnerable range implied by “from n/a through 1.2”). CVSS v3.1 base score 7.1 (H...
WordPress plugin WordPress File Search cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...
WordPress WordPress File Search Plugin <= 1.2 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting (XSS) vulnerability discovered by Le Ngoc Anh in WordPress Plugin WordPress File Search versions <= 1.2...
Microsoft Windows Defender security vulnerability
Microsoft Windows Defender is a suite of antivirus software that comes with Windows systems from the American company Microsoft. Microsoft Windows Defender suffers from an authorization issue vulnerability that arises from improper authorization of an index containing sensitive information in a...
Gitlab -- vulnerabilities
Gitlab reports: GitLab account takeover, under certain conditions, when using Bitbucket as an OAuth provider; Path Traversal leads to DoS and Restricted File Read; Unauthenticated ReDoS in FileFinder when using wildcard filters in project file search; Personal Access Token scopes not honoured by...
Cross Site Scripting
concrete5/concrete5 is vulnerable to Cross Site Scripting. The vulnerability is due to insufficient validation of administrator provided data in the Advanced File Search Filter, allowing rogue administrators to add malicious code in the file manager...
GHSA-XWRH-QXMC-X8C8 Concrete CMS Cross-site Scripting (XSS) in the Advanced File Search Filter
Concrete CMS versions 9 below 9.2.8 and versions below 8.5.16 are vulnerable to Cross-site Scripting (XSS) in the Advanced File Search Filter. Prior to the fix, a rogue administrator could add malicious code in the file manager because of insufficient validation of administrator provided data. All...
Concrete CMS Cross-site Scripting (XSS) in the Advanced File Search Filter
Concrete CMS versions 9 below 9.2.8 and versions below 8.5.16 are vulnerable to Cross-site Scripting (XSS) in the Advanced File Search Filter. Prior to the fix, a rogue administrator could add malicious code in the file manager because of insufficient validation of administrator provided data. All...
CVE-2024-3178
Concrete CMS versions 9 below 9.2.8 and versions below 8.5.16 are vulnerable to Cross-site Scripting (XSS) in the Advanced File Search Filter. Prior to the fix, a rogue administrator could add malicious code in the file manager because of insufficient validation of administrator provided data. All...
CVE-2024-3178 Concrete CMS versions 9 below 9.2.8 and versions below 8.5.16 are vulnerable to Cross-site Scripting (XSS) in the Advanced File Search Filter
Concrete CMS versions 9 below 9.2.8 and versions below 8.5.16 are vulnerable to Cross-site Scripting (XSS) in the Advanced File Search Filter. Prior to the fix, a rogue administrator could add malicious code in the file manager because of insufficient validation of administrator provided data. All...
PT-2024-24203 · Unknown · Concrete Cms
Name of the Vulnerable Software and Affected Versions: Concrete CMS versions 9 below 9.2.8 and versions below 8.5.16. Description: The issue concerns Cross-site Scripting (XSS) in the Advanced File Search Filter. A rogue administrator could add malicious code in the file manager due to insufficient...
HTML filter and csv-file search < 2.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
Description: The HTML filter and csv-file search plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'csvsearch' shortcode in versions up to, and including, 2.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...
CVE-2023-5096
The HTML filter and csv-file search plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'csvsearch' shortcode in versions up to, and including, 2.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...