198 matches found
CVE-2023-33734
BlueCMS v1.6 was discovered to contain a SQL injection vulnerability via the keywords parameter at search.php...
CVE-2023-27091
An unauthorized access issue found in XiaoBingby TeaCMS 2.3.3 allows attackers to escalate privileges via the id and keywords parameters...
CVE-2021-40669
SQL Injection vulnerability exists in Wuzhi CMS 4.1.0 via the keywords parameter under the coreframe/app/promote/admin/index.php file...
CVE-2019-14976
iCMS 7.0.15 allows admincp.php?app=apps XSS via the keywords parameter...
CVE-2018-20572
WUZHI CMS 4.1.0 allows coreframe/app/coupon/admin/copyfrom.php SQL injection via the index.php?m=promote=index=search keywords parameter, a related issue to CVE-2018-15893...
Employee Record System getData.php File SQL Injection Vulnerability
Employee Record System is an employee record system. Employee Record System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter keywords in the file /dashboard/getData.php. An attacker can exploit this...
CVE-2008-1075
Cross-site scripting (XSS) vulnerability in index.php in Maian Cart 1.1 allows remote attackers to inject arbitrary web script or HTML via the keywords parameter in a search command. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...
CVE-2009-1225
Cross-site scripting (XSS) vulnerability in index.php in Turnkey Ebook Store 1.1 allows remote attackers to inject arbitrary web script or HTML via the keywords parameter in a search action...
CVE-2025-4743
A vulnerability classified as critical was found in code-projects Employee Record System 1.0. Affected by this vulnerability is an unknown functionality of the file /dashboard/getData.php. The manipulation of the argument keywords leads to sql injection. The attack can be launched remotely. The...
ForestBlog keywords parameter cross-site scripting vulnerability
ForestBlog is a blogging system. A cross-site scripting vulnerability exists in ForestBlog 20250321 and earlier versions, which stems from the lack of effective filtering and escaping of user-supplied data by the parameter keywords, and can be exploited by an attacker to execute arbitrary Web...
ThinkOX Code Injection Vulnerability
ThinkOX is a lightweight social platform developed by individual developer Cai Peichao (caipeichao). A code injection vulnerability exists in ThinkOX version 1.0, which stems from a cross-site scripting attack caused by incorrect operation of the parameter keywords...
ForestBlog Security Vulnerability
ForestBlog is a blogging system. A cross-site scripting vulnerability exists in ForestBlog 20250321 and earlier versions, which stems from the lack of effective filtering and escaping of user-supplied data by the parameter keywords, and can be exploited by an attacker to execute arbitrary Web...
bookstore Cross-Site Scripting Vulnerability
bookstore is an e-commerce bookstore system by individual developer donglight. A cross-site scripting vulnerability exists in bookstore version 1.0.0, which originates from the parameter keywords in the file src/main/java/org/zdd/bookstore/web/controller/BookInfoController.java that can lead to...
CVE-2024-11663
A vulnerability classified as critical was found in Codezips E-Commerce Site 1.0. Affected by this vulnerability is an unknown functionality of the file search.php. The manipulation of the argument keywords leads to sql injection. The attack can be launched remotely. The exploit has been disclose...
E-Commerce Site Injection Vulnerability
E-Commerce Site is an open source e-commerce site by Codezips. An injection vulnerability exists in E-Commerce Site version 1.0, which stems from an incorrect manipulation of the parameter keywords that can lead to sql injection...
Microweber Reflected Cross-site scripting (XSS) vulnerability
A Reflected Cross-site scripting (XSS) vulnerability exists in '/search' in microweber 2.0.15 and earlier allowing unauthenticated remote attackers to inject arbitrary web script or HTML via the 'keywords' parameter...
CVE-2024-40101
A Reflected Cross-site scripting (XSS) vulnerability exists in '/search' in microweber 2.0.15 and earlier allowing unauthenticated remote attackers to inject arbitrary web script or HTML via the 'keywords' parameter...
Microweber 2.0.15 Cross Site Scripting
Exploit Title: Microweber =v2.0.15 - Reflected Cross-Site Scripting XSS Date: 16.07.2024 Exploit Author: Prerak Mittal Vendor Homepage: https://microweber.org/ Software Link: https://github.com/microweber/microweber/releases/tag/v2.0.15 Version: =v2.0.15 Tested on: Ubuntu 22.04 CVE : CVE-2024-401...
PT-2024-28783 · Unknown · Microweber
Name of the Vulnerable Software and Affected Versions: microweber versions 2.0.15 and earlier. Description: A Reflected Cross-site scripting (XSS) issue exists in the "/search" API endpoint, allowing unauthenticated remote attackers to inject arbitrary web script or HTML via the keywords parameter...