20 matches found
CVE-2026-53741
Simple Link Directory through 9.0.4 interpolates the sldnoresultsfound option into a JavaScript string literal without encoding. Because sanitizetextfield leaves quotes intact, a stored payload breaks out of the string and runs script for every page visitor...
CVE-2026-53741 Simple Link Directory through 9.0.4 Stored XSS via sld_no_results_found Option
Simple Link Directory through 9.0.4 interpolates the sldnoresultsfound option into a JavaScript string literal without encoding. Because sanitizetextfield leaves quotes intact, a stored payload breaks out of the string and runs script for every page visitor...
CVE-2026-53741
CVE-2026-53741 affects Simple Link Directory up to version 9.0.4. The root cause is that the sld_no_results_found option is interpolated into a JavaScript string literal without encoding. Because sanitize_text_field leaves quotes intact, a stored payload can break out of the string and execute sc...
CVE-2026-53741 Simple Link Directory through 9.0.4 Stored XSS via sld_no_results_found Option
Simple Link Directory through 9.0.4 interpolates the sldnoresultsfound option into a JavaScript string literal without encoding. Because sanitizetextfield leaves quotes intact, a stored payload breaks out of the string and runs script for every page visitor...
EUVD-2022-47961
Malicious code in bioql PyPI...
NVIDIA DOCA-Host and Mellanox OFED Advisory - July 2025 - Lenovo Support US
No description provided...
starcitizentools/citizen-skin allows stored XSS in search no result messages
Summary The citizen-search-noresults-title and citizen-search-noresults-desc system messages are inserted into raw HTML, allowing anybody who can edit those messages to insert arbitrary HTML into the DOM. Details The system messages are inserted as raw HTML by the mustache template:...
CVE-2025-49576 Citizen allows stored XSS in search no result messages
Citizen is a MediaWiki skin that makes extensions part of the cohesive experience. The citizen-search-noresults-title and citizen-search-noresults-desc system messages are inserted into raw HTML, allowing anybody who can edit those messages to insert arbitrary HTML into the DOM. This vulnerabilit...
CVE-2022-45036
A cross-site scripting XSS vulnerability in the Search Settings module of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the No Results field...
Coolify 安全漏洞
Coolify is an open source and self-hosted alternative to Heroku/Netlify/Vercel. coolLabs Coolify suffers from a cross-site scripting vulnerability that stems from allowing a user to search for tags on a tabbed page, and if the search does not return any results, the query is reflected in an error...
CVE-2022-45036
A cross-site scripting XSS vulnerability in the Search Settings module of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the No Results field...
CVE-2022-45036
A cross-site scripting XSS vulnerability in the Search Settings module of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the No Results field...
Cross site scripting
A cross-site scripting XSS vulnerability in the Search Settings module of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the No Results field...
CVE-2022-45036
A cross-site scripting XSS vulnerability in the Search Settings module of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the No Results field...
WBCE CMS 跨站脚本漏洞
WBCE CMS is an open source content management system CMS based on PHP and MySQL. A security vulnerability exists in WBCE CMS v1.5.4, which stems from a cross-site scripting XSS vulnerability in the Search Settings module. The vulnerability can be exploited by an attacker to execute arbitrary web...
CVE-2022-45036
A cross-site scripting XSS vulnerability in the Search Settings module of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the No Results field...
PYSEC-2021-33
LinkedIn Oncall through 1.4.0 allows reflected XSS via /query because of mishandling of the "No results found for" message in the search bar...
CVE-2021-26722
LinkedIn Oncall through 1.4.0 allows reflected XSS via /query because of mishandling of the "No results found for" message in the search bar...
Linkedin Oncall 跨站脚本漏洞
Linkedin Oncall is the United States Linkedin company based on Python language can be used to manage the calendar planning platform of the building system. A security vulnerability exists in Linkedin Oncall versions 1.4.0 and earlier, which stems from the mishandling of the "No results found"...
youngsubaru.com XSS vulnerability
Open Bug Bounty ID: OBB-579095 Description| Value ---|--- Affected Website:| youngsubaru.com Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...