Lucene search
K

20 matches found

NVD
NVD
added 2026/06/10 10:17 p.m.9 views

CVE-2026-53741

Simple Link Directory through 9.0.4 interpolates the sldnoresultsfound option into a JavaScript string literal without encoding. Because sanitizetextfield leaves quotes intact, a stored payload breaks out of the string and runs script for every page visitor...

5.4CVSS0.00141EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/10 8:39 p.m.30 views

CVE-2026-53741 Simple Link Directory through 9.0.4 Stored XSS via sld_no_results_found Option

Simple Link Directory through 9.0.4 interpolates the sldnoresultsfound option into a JavaScript string literal without encoding. Because sanitizetextfield leaves quotes intact, a stored payload breaks out of the string and runs script for every page visitor...

5.4CVSS0.00141EPSS
Exploits0References2
CVE
CVE
added 2026/06/10 8:39 p.m.16 views

CVE-2026-53741

CVE-2026-53741 affects Simple Link Directory up to version 9.0.4. The root cause is that the sld_no_results_found option is interpolated into a JavaScript string literal without encoding. Because sanitize_text_field leaves quotes intact, a stored payload can break out of the string and execute sc...

5.4CVSS5.4AI score0.00141EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/10 8:39 p.m.9 views

CVE-2026-53741 Simple Link Directory through 9.0.4 Stored XSS via sld_no_results_found Option

Simple Link Directory through 9.0.4 interpolates the sldnoresultsfound option into a JavaScript string literal without encoding. Because sanitizetextfield leaves quotes intact, a stored payload breaks out of the string and runs script for every page visitor...

5.4CVSS5.4AI score0.00141EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2022-47961

Malicious code in bioql PyPI...

5.4CVSS5.8AI score0.00465EPSS
Exploits1References1
Lenovo
Lenovo
added 2025/08/12 3:11 p.m.4 views

NVIDIA DOCA-Host and Mellanox OFED Advisory - July 2025 - Lenovo Support US

No description provided...

7.3AI score
Exploits0
Github Security Blog
Github Security Blog
added 2025/06/13 2:7 p.m.10 views

starcitizentools/citizen-skin allows stored XSS in search no result messages

Summary The citizen-search-noresults-title and citizen-search-noresults-desc system messages are inserted into raw HTML, allowing anybody who can edit those messages to insert arbitrary HTML into the DOM. Details The system messages are inserted as raw HTML by the mustache template:...

6.5CVSS6.4AI score0.0035EPSS
Exploits1References5Affected Software1
Vulnrichment
Vulnrichment
added 2025/06/12 6:50 p.m.7 views

CVE-2025-49576 Citizen allows stored XSS in search no result messages

Citizen is a MediaWiki skin that makes extensions part of the cohesive experience. The citizen-search-noresults-title and citizen-search-noresults-desc system messages are inserted into raw HTML, allowing anybody who can edit those messages to insert arbitrary HTML into the DOM. This vulnerabilit...

6.5CVSS6.9AI score0.0035EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2025/05/22 9:44 p.m.6 views

CVE-2022-45036

A cross-site scripting XSS vulnerability in the Search Settings module of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the No Results field...

5.4CVSS5.7AI score0.00465EPSS
Exploits1References1
CNNVD
CNNVD
added 2025/01/24 12:0 a.m.4 views

Coolify 安全漏洞

Coolify is an open source and self-hosted alternative to Heroku/Netlify/Vercel. coolLabs Coolify suffers from a cross-site scripting vulnerability that stems from allowing a user to search for tags on a tabbed page, and if the search does not return any results, the query is reflected in an error...

6.1CVSS6AI score0.00224EPSS
Exploits0References1
NVD
NVD
added 2022/11/25 4:15 p.m.20 views

CVE-2022-45036

A cross-site scripting XSS vulnerability in the Search Settings module of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the No Results field...

5.4CVSS0.00465EPSS
Exploits1References1
OSV
OSV
added 2022/11/25 4:15 p.m.14 views

CVE-2022-45036

A cross-site scripting XSS vulnerability in the Search Settings module of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the No Results field...

5.4CVSS5.7AI score
Exploits0References1
Prion
Prion
added 2022/11/25 4:15 p.m.14 views

Cross site scripting

A cross-site scripting XSS vulnerability in the Search Settings module of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the No Results field...

4.9CVSS5.3AI score0.00465EPSS
Exploits1References1Affected Software1
Vulnrichment
Vulnrichment
added 2022/11/25 12:0 a.m.8 views

CVE-2022-45036

A cross-site scripting XSS vulnerability in the Search Settings module of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the No Results field...

5.3AI score0.00465EPSS
Exploits1References1
CNNVD
CNNVD
added 2022/11/25 12:0 a.m.5 views

WBCE CMS 跨站脚本漏洞

WBCE CMS is an open source content management system CMS based on PHP and MySQL. A security vulnerability exists in WBCE CMS v1.5.4, which stems from a cross-site scripting XSS vulnerability in the Search Settings module. The vulnerability can be exploited by an attacker to execute arbitrary web...

5.4CVSS5.9AI score0.00465EPSS
Exploits1References2
Cvelist
Cvelist
added 2022/11/25 12:0 a.m.27 views

CVE-2022-45036

A cross-site scripting XSS vulnerability in the Search Settings module of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the No Results field...

5.4AI score0.00465EPSS
Exploits1References1
PyPA
PyPA
added 2021/02/05 6:15 p.m.6 views

PYSEC-2021-33

LinkedIn Oncall through 1.4.0 allows reflected XSS via /query because of mishandling of the "No results found for" message in the search bar...

6.1CVSS6.2AI score0.03203EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2021/02/05 5:12 p.m.25 views

CVE-2021-26722

LinkedIn Oncall through 1.4.0 allows reflected XSS via /query because of mishandling of the "No results found for" message in the search bar...

6.2AI score0.03203EPSS
Exploits1References1
CNNVD
CNNVD
added 2021/02/05 12:0 a.m.8 views

Linkedin Oncall 跨站脚本漏洞

Linkedin Oncall is the United States Linkedin company based on Python language can be used to manage the calendar planning platform of the building system. A security vulnerability exists in Linkedin Oncall versions 1.4.0 and earlier, which stems from the mishandling of the "No results found"...

6.1CVSS6.3AI score0.03203EPSS
Exploits1References3
Openbugbounty
Openbugbounty
added 2018/03/12 7:36 p.m.13 views

youngsubaru.com XSS vulnerability

Open Bug Bounty ID: OBB-579095 Description| Value ---|--- Affected Website:| youngsubaru.com Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...

6.3AI score
Exploits0
Rows per page
Query Builder