
198 matches found

RedhatCVE
added 2025/05/23 3:53 a.m. · 9 views

CVE-2023-33734

BlueCMS v1.6 was discovered to contain a SQL injection vulnerability via the keywords parameter at search.php...

CVSS 9.8 · AI score 8.3 · EPSS 0.00752
Exploits: 1 · References: 1

RedhatCVE
added 2025/05/23 2:26 a.m. · 7 views

CVE-2023-27091

An unauthorized access issue found in XiaoBingby TeaCMS 2.3.3 allows attackers to escalate privileges via the id and keywords parameters...

CVSS 7.2 · AI score 7.2 · EPSS 0.00702
Exploits: 1 · References: 1

RedhatCVE
added 2025/05/22 6:44 p.m. · 6 views

CVE-2021-40669

SQL Injection vulnerability exists in Wuzhi CMS 4.1.0 via the keywords parameter under the coreframe/app/promote/admin/index.php file...

CVSS 9.8 · AI score 8.2 · EPSS 0.01239
Exploits: 1

RedhatCVE
added 2025/05/22 8:9 a.m. · 6 views

CVE-2019-14976

iCMS 7.0.15 allows admincp.php?app=apps XSS via the keywords parameter...

CVSS 6.1 · AI score 5.9 · EPSS 0.00826
Exploits: 1 · References: 1

RedhatCVE
added 2025/05/22 7:31 a.m. · 10 views

CVE-2018-20572

WUZHI CMS 4.1.0 allows coreframe/app/coupon/admin/copyfrom.php SQL injection via the index.php?m=promote=index=search keywords parameter, a related issue to CVE-2018-15893...

CVSS 9.8 · AI score 7.9 · EPSS 0.01537
Exploits: 2 · References: 1

CNVD
added 2025/05/22 12:0 a.m. · 2 views

Employee Record System getData.php File SQL Injection Vulnerability

Employee Record System is an employee record system. Employee Record System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter keywords in the file /dashboard/getData.php. An attacker can exploit this...

CVSS 8.8 · AI score 8.3 · EPSS 0.00389
Exploits: 1 · References: 1

RedhatCVE
added 2025/05/21 11:1 p.m. · 12 views

CVE-2008-1075

Cross-site scripting (XSS) vulnerability in index.php in Maian Cart 1.1 allows remote attackers to inject arbitrary web script or HTML via the keywords parameter in a search command. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...

CVSS 4.3 · AI score 5.8 · EPSS 0.00845
Exploits: 0 · References: 1

RedhatCVE
added 2025/05/21 9:54 p.m. · 4 views

CVE-2009-1225

Cross-site scripting (XSS) vulnerability in index.php in Turnkey Ebook Store 1.1 allows remote attackers to inject arbitrary web script or HTML via the keywords parameter in a search action...

CVSS 4.3 · AI score 5.9 · EPSS 0.01189
Exploits: 1 · References: 1

OSV
added 2025/05/16 4:15 a.m. · 5 views

CVE-2025-4743

A vulnerability classified as critical was found in code-projects Employee Record System 1.0. Affected by this vulnerability is an unknown functionality of the file /dashboard/getData.php. The manipulation of the argument keywords leads to sql injection. The attack can be launched remotely. The...

CVSS 8.8 · AI score 5.8 · EPSS 0.00389
Exploits: 1 · References: 5

CNVD
added 2025/04/09 12:0 a.m. · 5 views

ForestBlog keywords parameter cross-site scripting vulnerability

ForestBlog is a blogging system. A cross-site scripting vulnerability exists in ForestBlog 20250321 and earlier versions, which stems from the lack of effective filtering and escaping of user-supplied data by the parameter keywords, and can be exploited by an attacker to execute arbitrary Web...

CVSS 5.4 · AI score 4.7 · EPSS 0.00314
Exploits: 1 · References: 1

CNNVD
added 2025/04/03 12:0 a.m. · 5 views

ThinkOX Code Injection Vulnerability

ThinkOX is a lightweight social platform developed by individual developer Cai Peichao (caipeichao). A code injection vulnerability exists in ThinkOX version 1.0, which stems from a cross-site scripting attack caused by incorrect operation of the parameter keywords...

CVSS 5.1 · AI score 4.9 · EPSS 0.00285
Exploits: 0 · References: 4

CNNVD
added 2025/03/31 12:0 a.m. · 7 views

ForestBlog Security Vulnerability

ForestBlog is a blogging system. A cross-site scripting vulnerability exists in ForestBlog 20250321 and earlier versions, which stems from the lack of effective filtering and escaping of user-supplied data by the parameter keywords, and can be exploited by an attacker to execute arbitrary Web...

CVSS 5.4 · AI score 6.1 · EPSS 0.00314
Exploits: 1 · References: 2

CNNVD
added 2025/01/09 12:0 a.m. · 4 views

bookstore Cross-Site Scripting Vulnerability

bookstore is an e-commerce bookstore system by the individual developer donglight. A cross-site scripting vulnerability exists in bookstore version 1.0.0, which originates from the parameter keywords in the file src/main/java/org/zdd/bookstore/web/controller/BookInfoController.java that can lead to...

CVSS 5.4 · AI score 4.4 · EPSS 0.00302
Exploits: 1 · References: 6

OSV
added 2024/11/25 9:15 a.m. · 3 views

CVE-2024-11663

A vulnerability classified as critical was found in Codezips E-Commerce Site 1.0. Affected by this vulnerability is an unknown functionality of the file search.php. The manipulation of the argument keywords leads to sql injection. The attack can be launched remotely. The exploit has been disclose...

CVSS 9.8 · AI score 5.8
Exploits: 0 · References: 4

CNNVD
added 2024/11/25 12:0 a.m. · 4 views

E-Commerce Site Injection Vulnerability

E-Commerce Site is an open source e-commerce site by Codezips. An injection vulnerability exists in E-Commerce Site version 1.0, which stems from an incorrect manipulation of the parameter keywords that can lead to sql injection...

CVSS 9.8 · AI score 7.5 · EPSS 0.00863
Exploits: 1 · References: 4

Github Security Blog
added 2024/08/06 3:30 p.m. · 16 views

Microweber Reflected Cross-site scripting (XSS) vulnerability

A Reflected Cross-site scripting (XSS) vulnerability exists in '/search' in microweber 2.0.15 and earlier allowing unauthenticated remote attackers to inject arbitrary web script or HTML via the 'keywords' parameter...

CVSS 7.2 · AI score 5.9 · EPSS 0.00852
Exploits: 2 · References: 6 · Affected Software: 1

OSV
added 2024/08/06 2:16 p.m. · 11 views

CVE-2024-40101

A Reflected Cross-site scripting (XSS) vulnerability exists in '/search' in microweber 2.0.15 and earlier allowing unauthenticated remote attackers to inject arbitrary web script or HTML via the 'keywords' parameter...

CVSS 6.1 · AI score 5.8
Exploits: 0 · References: 4

Packet Storm
added 2024/08/06 12:0 a.m. · 244 views

Microweber 2.0.15 Cross Site Scripting

Exploit Title: Microweber =v2.0.15 - Reflected Cross-Site Scripting (XSS) Date: 16.07.2024 Exploit Author: Prerak Mittal Vendor Homepage: https://microweber.org/ Software Link: https://github.com/microweber/microweber/releases/tag/v2.0.15 Version: =v2.0.15 Tested on: Ubuntu 22.04 CVE : CVE-2024-401...

AI score 7.4 · EPSS 0.00852
Exploits: 2

Positive Technologies
added 2024/08/06 12:0 a.m. · 5 views

PT-2024-28783 · Unknown · Microweber

Name of the Vulnerable Software and Affected Versions: microweber versions 2.0.15 and earlier Description: A Reflected Cross-site scripting (XSS) issue exists in the "/search" API endpoint, allowing unauthenticated remote attackers to inject arbitrary web script or HTML via the keywords parameter...

CVSS 7.2 · AI score 6.3 · EPSS 0.00852
Exploits: 2 · References: 11

Vulnrichment
added 2024/08/06 12:0 a.m. · 16 views

CVE-2024-40101

A Reflected Cross-site scripting (XSS) vulnerability exists in '/search' in microweber 2.0.15 and earlier allowing unauthenticated remote attackers to inject arbitrary web script or HTML via the 'keywords' parameter...

AI score 6.2 · EPSS 0.00852
Exploits: 2 · References: 3