127 matches found
CVE-2022-1474
The WP Event Manager WordPress plugin before 3.1.28 does not sanitise and escape its search before outputting it back in an attribute on the event dashboard, leading to a Reflected Cross-Site Scripting...
CVE-2022-1474
The WP Event Manager WordPress plugin before 3.1.28 does not sanitise and escape its search before outputting it back in an attribute on the event dashboard, leading to a Reflected Cross-Site Scripting...
Pybbs 跨站脚本漏洞
Pybbs is a community forum for more practical Java development. A cross-site scripting vulnerability exists in Pybbs, which stems from the product's search box not effectively handling special characters in user input data. An attacker can exploit this vulnerability to execute client-side code...
CVE-2021-42547
Insufficient Input Validation in the search functionality of Wordpress plugin Out-of-the-Box prior to 1.20.3 allows unauthenticated user to craft a reflected Cross-Site Scripting attack...
CVE-2021-42838
Grand Vice info Co. webopac7 book search field parameter does not properly restrict the input of special characters, thus unauthenticated attackers can inject JavaScript syntax remotely, and further perform reflective XSS attacks...
Macrob7 Macs Framework Content Management System 跨站脚本漏洞
Zenar Content Management System is an open source content management system CMS from the Zenar team. A cross-site scripting vulnerability exists in Macrob7 Macs Framework Content Management System version 1.14, which can be exploited by an attacker via the search input field of the search module...
Code Injection in collectiveaccess/providence
Description client side injection Proof of Concept open the https://demo.collectiveaccess.org/find/QuickSearch/Index click on search input the code in search bar clickme https://i.ibb.co/tmB0K64/client.png Impact This vulnerability is injecting malicious code into application...
CVE-2020-18116
A lack of filtering for searched keywords in the search bar of YouDianCMS 8.0 allows attackers to perform SQL injection...
PT-2021-2242 · Moodle +1 · Moodle +1
Name of the Vulnerable Software and Affected Versions: Moodle versions prior to 3.10.1 Moodle versions prior to 4.0.0-beta Description: The issue is related to insufficient escaping of search queries in certain search inputs, which can lead to reflected Cross-site Scripting XSS attacks. This allo...
S-cart Cross-Site Scripting Vulnerability
S-cart is a Php-based e-commerce management platform from the S-cart community. A cross-site scripting vulnerability exists in s-cart core before version 4.4, which stems from a lack of detection of client-side input in the search function of the admin dashboard in...
CVE-2019-19390
The Search parameter of the Software Catalogue section of Matrix42 Workspace Management 9.1.2.2765 and below accepts unfiltered parameters that lead to multiple reflected XSS issues...
CVE-2019-20058
Bolt 3.7.0, if Symfony Web Profiler is used, allows XSS because unsanitized search?search= input is shown on the profiler page. NOTE: this is disputed because profiling was never intended for use in production. This is related to CVE-2018-12040...
U.S. Dept Of Defense: [█████] — DOM-based XSS on endpoint `/?s=`
Description GET parameter s is vulnerable to DOM-based XSS on endpoint /?s=. XSS affects all users and no authentication or login is required. Proof of Concept Visit the following URL for PoC: https://██████/?s=%27%3E%3Cscript%3Ealertdocument.domain%3C/script%3E █████████ Explanation This DOM-bas...
CVE-2018-0135
A vulnerability in Cisco Unified Communications Manager could allow an authenticated, remote attacker to access sensitive information on an affected system. The vulnerability exists because the affected software improperly validates user-supplied search input. An attacker could exploit this...
Cisco Unified Communications Manager Information Disclosure Vulnerability
A vulnerability in Cisco Unified Communications Manager could allow an authenticated, remote attacker to access sensitive information on an affected system. The vulnerability exists because the affected software improperly validates user-supplied search input. An attacker could exploit this...
engrip.com XSS vulnerability
Vulnerable URL: https://www.engrip.com/search?searchinput=onboarding"'--! Details: Description| Value ---|--- Patched:| No Latest check for patch:| 21.11.2017 Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| 1858001 VIP website status:| No Coordinated Disclosure...
PT-2017-10691 · Nextcloud · Nextcloud Server
Name of the Vulnerable Software and Affected Versions: Nextcloud Server versions prior to 11.0.3 Description: The issue is related to inadequate escaping, leading to a XSS vulnerability in the search module. A user must write or paste malicious content into the search dialogue for it to be...
Webspell 4.2.1 asearch.php SQL Injection Vulnerability
No description provided by source. INFORMATION +Name : webspell 4.2.1 asearch.php SQL Injection Vulnerability +Author : silent vapor +Date : 29.09.2010 +Script : webspell 4.2.1 +Price : free +Language :PHP +Discovered by silent vapor +Underground Agents +Greetz to Team-Internet,...
SweetRice CMS 1.2.5 Cross Site Scripting
Exploit Title: SweetRice Cms Multiple Cross Site Scripting Vulnerabilities Date: 06/01/2013 Author: Nikhalesh Singh Bhadoria Twitter: @nikhaleshsingh Download Link: http://www.basic-cms.org/ Versions Affected: SweetRice 1.2.5 Category:Xss...
Power-IT CMS Cross Site Scripting
Exploit Title: Power-IT Cms Cross Site Scripting Vulnerability Google Dork: intext:"Powered by PowerIT" Date: 08/24/2012 Author: Crim3R Vendor Home : http://www.poweritschools.com/ Tested on: all ====================================== POST DATA /Host: www.ceca-ct.org User-Agent: Mozilla/5.0 Windo...