23 matches found
PT-2026-41392
Impact: Weblate's live search preview renders unit source and context as HTML without escaping. Any contributor whose content reaches those fields stores HTML and CSS that runs inside the authenticated editor of every user who runs a matching search. Patches...
CVE-2024-41961
Elektra is an opinionated OpenStack Dashboard for Operators and Consumers of OpenStack Services. A code injection vulnerability was found in the live search functionality of the Ruby on Rails based Elektra web application. An authenticated user can craft a search term containing Ruby code, which...
EUVD-2023-35216
Malicious code in bioql PyPI...
CVE-2023-30876
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Dave Ross Dave's WordPress Live Search plugin <= 4.8.1 versions...
PT-2025-6017 · Dreamvention · Dreamvention Live Ajax Search
Name of the Vulnerable Software and Affected Versions: Dreamvention Live AJAX Search Free versions 1.0.0 through 1.0.6 Description: A critical issue has been found in the function searchresults/search of the file /?route=extension/live search/module/live search.searchresults. The manipulation of...
Code Injection
elektra is vulnerable to Code Injection. The vulnerability is due to improper handling of user input in the live search functionality of the Ruby on Rails-based Elektra web application, which allows authenticated users to craft a search term containing Ruby code that flows into an eval call,...
CVE-2024-41961
Summary of CVE-2024-41961 (Elektra): Elektra, a Ruby on Rails-based OpenStack dashboard, contains a code injection vulnerability in its live search functionality. An authenticated user can provide a search term that includes Ruby code, which flows to an eval sink and can execute arbitrary code. ...
PT-2024-29664 · Elektra +1 · Elektra +1
Name of the Vulnerable Software and Affected Versions: Elektra versions prior to the version containing commit 8bce00be93b95a6512ff68fe86bf9554e486bc02 Description: A code injection issue was discovered in the live search functionality of the Elektra web application, which is built on Ruby on...
CVE-2023-30876
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Dave Ross Dave's WordPress Live Search plugin <= 4.8.1 versions...
CVE-2023-30876
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Dave Ross Dave's WordPress Live Search plugin <= 4.8.1 versions...
Cross site scripting
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Dave Ross Dave's WordPress Live Search plugin <= 4.8.1 versions...
CVE-2023-30876 WordPress Dave's WordPress Live Search Plugin <= 4.8.1 is vulnerable to Cross Site Scripting (XSS)
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Dave Ross Dave's WordPress Live Search plugin <= 4.8.1 versions...
CVE-2023-30876
CVE-2023-30876 concerns Dave’s WordPress Live Search plugin (
WordPress plugin Dave's WordPress Live Search cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...
WordPress Ajax Live Search Plugin For WordPress Plugin <= 2.3.7 is vulnerable to Cross Site Scripting (XSS)
Software: Ajax Live Search Plugin For WordPress; Type: Plugin; Vulnerable versions: <= 2.3.7; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2023-33999; Patch priority: Medium; CVSS severity: Medium (7.1); PSID: 9b4d19a516fc; Credits: Rafie Muhamm...
WordPress Dave's WordPress Live Search Plugin <= 4.8.1 is vulnerable to Cross Site Scripting (XSS)
Software: Dave's WordPress Live Search; Type: Plugin; Vulnerable versions: <= 4.8.1; Fixed in: N/A; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-30876; Patch priority: Low; CVSS severity: Low (5.9); PSID: b8da8e543141; Credits: Yuki Haruma...
WordPress Ajax Live Search Plugin For WordPress plugin <= 2.3.7 - Sensitive Information Disclosure vulnerability
Sensitive Information Disclosure vulnerability discovered in WordPress Ajax Live Search Plugin For WordPress plugin versions <= 2.3.7. Solution: No patched version available...
WordPress Ajax Live Search Plugin For WordPress plugin <= 2.3.7 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability
Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability discovered in WordPress Ajax Live Search Plugin For WordPress plugin versions <= 2.3.7. Solution: No patched version available...
Joomla YJ Live Search 2.0 SQL Injection Vulnerability
Exploit for php platform in category web applications Title: Joomla YJ Live Search Module 2.0 SQL Injection / Cross Site Scripting Credit: Bilal KARDADOU Vendor: http://www.youjoomla.com URL: http://www.youjoomla.com/joomla-extensions/yj-live-search-joomla-live-search-module.html Product: 'Joomla...
Joomla YJ Live Search 2.0 SQL Injection
Title: Joomla YJ Live Search Module 2.0 SQL Injection / Cross Site Scripting Credit: Bilal KARDADOU Vendor: http://www.youjoomla.com URL: http://www.youjoomla.com/joomla-extensions/yj-live-search-joomla-live-search-module.html Product: 'Joomla YJ Live Search Module 2.0' Extension type: Module...