356 matches found
CVE-2022-1164
The Wyzi Theme was affected by reflected XSS vulnerabilities in the business search feature...
CVE-2020-23660
webTareas v2.1 is affected by Cross Site Scripting (XSS) on "Search."...
CVE-2025-5013
A vulnerability, which was classified as problematic, was found in HkCms up to 2.3.2.240702. This affects an unknown part of the file /index.php/search/index.html of the component Search. The manipulation of the argument keyword leads to cross site scripting. It is possible to initiate the attack...
April 25, 2025—KB5055627 (OS Build 26100.3915) Preview
April 25, 2025—KB5055627 (OS Build 26100.3915) Preview
Change log
Change date | Change description
---|---
May 26, 2026 | Updated the second MSU file listed under Catalog in Method 2.
August 6, 2025 | Normal rollout: Input and Networking improvements added.
August 20, 2025 | Gradual rollout:...
CVE-2024-11299 Memberpress <= 1.11.37 - Unauthenticated Content Restriction Bypass to Sensitive Information Exposure
The Memberpress plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.11.37 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensitive data from posts that have been restricted to...
PT-2025-6942 · Joomla · JS Jobs
Name of the Vulnerable Software and Affected Versions: JS Jobs plugin versions 1.1.5 through 1.4.3 for Joomla. Description: A SQL injection issue allows authenticated attackers, with administrator privileges, to execute arbitrary SQL commands via the searchpaymentstatus parameter in the Employer...
PT-2025-5695 · GitLab · GitLab CE/EE
Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 15.7 through 16.9.7; GitLab CE/EE versions 16.10 through 16.10.5; GitLab CE/EE versions 16.11 through 16.11.2. Description: An issue has been discovered in GitLab CE/EE that could allow an attacker to cause a denial of...
PT-2024-16486 · Pegasystems · Pega Platform
Name of the Vulnerable Software and Affected Versions: Pega Platform versions 8.1 to Infinity 24.2.0. Description: The issue is related to a Cross-Site Scripting (XSS) problem in the search feature of the Pega Platform. This type of issue allows attackers to inject malicious scripts into websites,...
CVE-2024-11083 ProfilePress <= 4.15.18 - Unauthenticated Content Restriction Bypass to Sensitive Information Exposure
The ProfilePress plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.15.18 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensitive data from posts that have been restricted to...
Telegram Agrees to Share User Data With Authorities for Criminal Investigations
In a major policy reversal, the popular messaging app Telegram has announced it will give users' IP addresses and phone numbers to authorities in response to valid legal requests in an attempt to rein in criminal activity on the platform. "We've made it clear that the IP addresses and phone numbe...
GHSA-66C2-P8RH-QX87 baserCMS Cross-site Scripting vulnerability in Site search Feature
There is an XSS vulnerability in the site search feature of baserCMS. Target: baserCMS 5.0.8 and earlier versions. Vulnerability: Malicious code may be executed in the site search feature. Countermeasures: Update to the latest version of baserCMS. Please refer to the following page for more...
PT-2024-13191 · baserCMS · baserCMS
Name of the Vulnerable Software and Affected Versions: baserCMS versions prior to 5.0.9. Description: The issue is related to a cross-site scripting vulnerability in the site search feature of baserCMS, a website development framework. This vulnerability allows malicious code to be executed in the...
CVE-2023-31546
Cross Site Scripting (XSS) vulnerability in DedeBIZ v6.0.3 allows attackers to run arbitrary code via the search feature...
Cross site scripting
Cross Site Scripting (XSS) vulnerability in DedeBIZ v6.0.3 allows attackers to run arbitrary code via the search feature...
CVE-2023-31546
Consolidated details show: Affected product is DedeBIZ v6.0.3. The vulnerability is a Cross Site Scripting (XSS) flaw exploitable via the search feature, allowing an attacker to run arbitrary code in the context of a user session. Root cause identified as improper handling of input in the search...
CVE-2023-43813 glpi Authenticated SQL Injection
GLPI is a free asset and IT management software package. Starting in version 10.0.0 and prior to version 10.0.11, the saved search feature can be used to perform a SQL injection. Version 10.0.11 contains a patch for the issue...
PT-2023-23382 · DedeBIZ · DedeBIZ
Name of the Vulnerable Software and Affected Versions: DedeBIZ version 6.0.3. Description: The issue allows attackers to run arbitrary code via the search feature. This is a Cross Site Scripting (XSS) issue, which means attackers can execute scripts in the context of another user's session,...
HackerOne: New Search Feature: Search for non-public words in limited disclosure reports
A vulnerability was discovered that allowed an attacker to search for words in limited disclosure vulnerability reports on HackerOne and see if the word existed in the full report, rather than just the limited disclosure portion. This could potentially allow secrets contained within a full report...
Beyond File Search: A Novel Method
Beyond File Search: A Novel Method for Exploiting the "search-ms" URI Protocol Handler. By Mathanraj Thangaraju and Sijo Jacob · July 26, 2023. Threat Summary: In the ever-evolving landscape of cyber threats, malware authors continuously explore new avenues to exploit unsuspecting users. The Windows...