356 matches found

WPVulnDB
added 2021/05/06 12:0 a.m. | 21 views

PickPlugins Product Slider for WooCommerce < 1.13.22 - Reflected Cross-Site Scripting (XSS)

The slider import search feature of the plugin settings did not properly sanitise the keyword GET parameter, leading to a reflected Cross-Site Scripting issue. PoC: https://example.com/wp-admin/edit.php?posttype=wcps=importlayouts="onmouseover=alert1;//...

CVSS 6.1 | AI score 0.3 | EPSS 0.03405
Exploits: 5 | Affected Software: 1

Prion
added 2021/04/01 8:15 p.m. | 8 views

SQL injection

eMPS 9.0.1.923211 on FireEye EX 3500 devices allows remote authenticated users to conduct SQL injection attacks via the sortby parameter to the email search feature. According to the vendor, the issue is fixed in 9.0.3. NOTE: this is different from CVE-2020-25034 and affects newer versions of the...

CVSS 4 | AI score 6.5 | EPSS 0.00175
Exploits: 2 | References: 1 | Affected Software: 1

Prion
added 2021/04/01 8:15 p.m. | 8 views

SQL injection

eMPS 9.0.1.923211 on the Central Management of FireEye EX 3500 devices allows remote authenticated users to conduct SQL injection attacks via the jobid parameter to the email search feature. According to the vendor, the issue is fixed in 9.0.3...

CVSS 4 | AI score 6.5 | EPSS 0.00199
Exploits: 1 | References: 1 | Affected Software: 1

FreeBSD
added 2021/04/01 12:0 a.m. | 32 views

mdbook -- XSS in mdBook's search page

Rust Security Response Working Group reports: The search feature of mdBook introduced in version 0.1.4 was affected by a cross site scripting vulnerability that allowed an attacker to execute arbitrary JavaScript code on a user's browser by tricking the user into typing a malicious search query,...

CVSS 8.2 | AI score 1.5 | EPSS 0.0033
Exploits: 0 | References: 5

ArchLinux
added 2021/01/12 12:0 a.m. | 135 views

[ASA-202101-8] mdbook: cross-site scripting

Arch Linux Security Advisory ASA-202101-8. Severity: Medium; Date: 2021-01-12; CVE-ID: CVE-2020-26297; Package: mdbook; Type: cross-site scripting; Remote: Yes; Link: https://security.archlinux.org/AVG-1399. Summary: The package mdbook before version...

CVSS 8.2 | AI score 1.4 | EPSS 0.0033
Exploits: 0 | References: 4

OSV
added 2021/01/04 7:15 p.m. | 15 views

CVE-2020-26297

mdBook is a utility to create modern online books from Markdown files and is written in Rust. In mdBook before version 0.4.5, there is a vulnerability affecting the search feature of mdBook, which could allow an attacker to execute arbitrary JavaScript code on the page. The search feature of mdBo...

CVSS 6.1 | AI score 6.9
Exploits: 0 | References: 5

NVD
added 2021/01/04 7:15 p.m. | 15 views

CVE-2020-26297

mdBook is a utility to create modern online books from Markdown files and is written in Rust. In mdBook before version 0.4.5, there is a vulnerability affecting the search feature of mdBook, which could allow an attacker to execute arbitrary JavaScript code on the page. The search feature of mdBo...

CVSS 8.2 | AI score 7.9 | EPSS 0.0033
Exploits: 0 | References: 5

Prion
added 2021/01/04 7:15 p.m. | 11 views

Cross site scripting

mdBook is a utility to create modern online books from Markdown files and is written in Rust. In mdBook before version 0.4.5, there is a vulnerability affecting the search feature of mdBook, which could allow an attacker to execute arbitrary JavaScript code on the page. The search feature of mdBo...

CVSS 4.3 | AI score 6.2 | EPSS 0.0033
Exploits: 0 | References: 5 | Affected Software: 1

Debian CVE
added 2020/11/17 6:22 p.m. | 18 views

CVE-2020-13349

Removed by vendor...

CVSS 4.3 | AI score 5.8 | EPSS 0.00166
Exploits: 0

CVE
added 2020/11/09 2:41 p.m. | 33 views

CVE-2020-9300

Technical details about CVE-2020-9300 are not publicly provided in the connected documents. Monitor for updates from vendors and security bulletins; current sources only reiterate access-control issues without specifics.

CVSS 6.5 | AI score 6.5 | EPSS 0.00621
Exploits: 0 | References: 2 | Affected Software: 1

Cvelist
added 2020/11/09 2:41 p.m. | 18 views

CVE-2020-9300

The Access Control issues include allowing a regular user to view a restricted incident, user role escalation to admin, users adding themselves as a participant in a restricted incident, and users able to view restricted incidents via the search feature. If your install has followed the secure...

AI score 6.6 | EPSS 0.00621
Exploits: 0 | References: 2

OSV
added 2020/10/22 3:15 p.m. | 0 views

CVE-2020-27533

A Cross Site Scripting (XSS) issue was discovered in the search feature of DedeCMS v.5.8 that allows malicious users to inject code into web pages, and other users will be affected when viewing web pages...

CVSS 5.4 | AI score 6.1
Exploits: 0 | References: 2

Veracode
added 2020/10/13 4:24 a.m. | 39 views

SQL Injection

phpmyadmin/phpmyadmin is vulnerable to SQL injection. An attacker is able to inject and execute arbitrary SQL statements on the database via the search feature, due to inadequate validation...

CVSS 9.8 | AI score 4.8 | EPSS 0.89641
Exploits: 1 | References: 13 | Affected Software: 2

OSV
added 2020/10/10 7:15 p.m. | 2 views

DEBIAN-CVE-2020-26935

An issue was discovered in SearchController in phpMyAdmin before 4.9.6 and 5.x before 5.0.3. A SQL injection vulnerability was discovered in how phpMyAdmin processes SQL statements in the search feature. An attacker could use this flaw to inject malicious SQL into a query...

CVSS 9.8 | AI score 8.7 | EPSS 0.89641
Exploits: 1 | References: 1

Cvelist
added 2020/10/10 6:26 p.m. | 23 views

CVE-2020-26935

An issue was discovered in SearchController in phpMyAdmin before 4.9.6 and 5.x before 5.0.3. A SQL injection vulnerability was discovered in how phpMyAdmin processes SQL statements in the search feature. An attacker could use this flaw to inject malicious SQL into a query...

AI score 9.6 | EPSS 0.89641
Exploits: 1 | References: 9

OSV
added 2020/08/26 6:15 p.m. | 0 views

CVE-2020-23660

webTareas v2.1 is affected by Cross Site Scripting (XSS) on "Search."...

CVSS 5.4 | AI score 6.1
Exploits: 0 | References: 1

Packet Storm
added 2020/07/01 12:0 a.m. | 146 views

e-learning PHP Script 0.1.0 SQL Injection

Exploit Title: e-learning Php Script 0.1.0 - 'search' SQL Injection; Date: 2020-06-29; Exploit Author: KeopssGroup0day,Inc; Vendor Homepage: https://github.com/amitkolloldey/elearning-script; Software Link: https://github.com/amitkolloldey/elearning-script; Version: 0.1.0; Tested on: Kali Linux; Source...

AI score 0.3
Exploits: 0

OpenVAS
added 2020/02/04 12:0 a.m. | 45 views

Liferay Portal 7.1.0 - 7.2.1 XSS Vulnerability

Liferay Portal is prone to an authenticated cross-site scripting vulnerability. SPDX-FileCopyrightText: 2020 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only. CPE =...

CVSS 5.4 | AI score 5.3 | EPSS 0.03286
Exploits: 3 | References: 1

NVD
added 2020/01/28 2:15 p.m. | 17 views

CVE-2020-7934

In LifeRay Portal CE 7.1.0 through 7.2.1 GA2, the First Name, Middle Name, and Last Name fields for user accounts in MyAccountPortlet are all vulnerable to a persistent XSS issue. Any user can modify these fields with a particular XSS payload, and it will be stored in the database. The payload wi...

CVSS 5.4 | AI score 5.2 | EPSS 0.03286
Exploits: 3 | References: 3

OSV
added 2020/01/28 2:15 p.m. | 16 views

CVE-2020-7934

In LifeRay Portal CE 7.1.0 through 7.2.1 GA2, the First Name, Middle Name, and Last Name fields for user accounts in MyAccountPortlet are all vulnerable to a persistent XSS issue. Any user can modify these fields with a particular XSS payload, and it will be stored in the database. The payload wi...

CVSS 5.4 | AI score 5.7 | EPSS 0.03286
Exploits: 3 | References: 3