20 matches found
CVE-2025-67146
Multiple SQL Injection vulnerabilities exist in AbhishekMali21 GYM-MANAGEMENT-SYSTEM 1.0 via the 'name' parameter in 1 membersearch.php, 2 trainersearch.php, and 3 gymsearch.php, and via the 'id' parameter in 4 paymentsearch.php. An unauthenticated remote attacker can exploit these issues to inje...
EUVD-2022-5642
Malicious code in bioql PyPI...
EUVD-2022-7056
Malicious code in bioql PyPI...
CVE-2010-1625
Cross-site scripting XSS vulnerability in LXR Cross Referencer before 0.9.7 allows remote attackers to inject arbitrary web script or HTML via vectors related to the search body and the results page for a search, a different vulnerability than CVE-2009-4497 and CVE-2010-1448...
CVE-2023-34244 GLPI vulnerable to reflected XSS in search pages
GLPI is a free asset and IT management software package. Starting in version 9.4.0 and prior to version 10.0.8, a malicious link can be crafted by an unauthenticated user that can exploit a reflected XSS in case any authenticated user opens the crafted link. Users should upgrade to version 10.0.8...
ProcessWire vulnerable to Cross-site Scripting
ProcessWire v3.0.200 was discovered to contain multiple cross-site scripting XSS vulnerabilities via the Search Users and Search Pages function. These vulnerabilities allow attackers to execute arbitrary web scripts or HTML via injection of a crafted payload...
GHSA-8G35-PRRR-GXXF ProcessWire vulnerable to Cross-site Scripting
ProcessWire v3.0.200 was discovered to contain multiple cross-site scripting XSS vulnerabilities via the Search Users and Search Pages function. These vulnerabilities allow attackers to execute arbitrary web scripts or HTML via injection of a crafted payload...
CVE-2022-40487
ProcessWire v3.0.200 was discovered to contain multiple cross-site scripting XSS vulnerabilities via the Search Users and Search Pages function. These vulnerabilities allow attackers to execute arbitrary web scripts or HTML via injection of a crafted payload...
CVE-2022-40487
ProcessWire v3.0.200 was discovered to contain multiple cross-site scripting XSS vulnerabilities via the Search Users and Search Pages function. These vulnerabilities allow attackers to execute arbitrary web scripts or HTML via injection of a crafted payload...
Cross site scripting
ProcessWire v3.0.200 was discovered to contain multiple cross-site scripting XSS vulnerabilities via the Search Users and Search Pages function. These vulnerabilities allow attackers to execute arbitrary web scripts or HTML via injection of a crafted payload...
PT-2022-25403 · Unknown · Processwire
Name of the Vulnerable Software and Affected Versions: ProcessWire version 3.0.200 Description: The issue allows attackers to execute arbitrary web scripts or HTML via injection of a crafted payload, leveraging multiple cross-site scripting XSS vulnerabilities. These vulnerabilities are...
CVE-2022-40487
ProcessWire v3.0.200 was discovered to contain multiple cross-site scripting XSS vulnerabilities via the Search Users and Search Pages function. These vulnerabilities allow attackers to execute arbitrary web scripts or HTML via injection of a crafted payload...
UBUNTU-CVE-2022-29250
GLPI is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. In versions prior to version 10.0.1 it is possible to add extra information by SQL injection on search pages. In order to exploit this vulnerability a user...
CVE-2022-29250 SQL injection in GLPI
GLPI is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. In versions prior to version 10.0.1 it is possible to add extra information by SQL injection on search pages. In order to exploit this vulnerability a user...
Search API Pages - Critical - Cross Site Scripting - SA-CONTRIB-2021-046
This module enables you to create simple search pages based on Search API without the use of Views. The module doesn’t sufficiently escape all variables provided for custom templates. This vulnerability is mitigated by the fact that the default template provided by the module is not affected...
Bing-Ip2Hosts - Bingip2Hosts Is A Bing.com Web Scraper That Discovers Websites By IP Address
Bing-ip2hosts is a Bing.com web scraper to discover hostnames by IP address. Description Bing-ip2hosts is a Bing.com web scraper that discovers hostnames by IP address. Bing is the flagship Microsoft search engine formerly known as MSN Search and Live Search. It provides a feature unique to searc...
CVE-2008-4809
Multiple unspecified vulnerabilities in the Profiles search pages in IBM Lotus Connections 2.x before 2.0.1 have unknown impact and attack vectors related to "Active" content. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...
Information disclosure
Multiple unspecified vulnerabilities in the Profiles search pages in IBM Lotus Connections 2.x before 2.0.1 have unknown impact and attack vectors related to "Active" content. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...
CVE-2008-4809
Multiple unspecified vulnerabilities in the Profiles search pages in IBM Lotus Connections 2.x before 2.0.1 have unknown impact and attack vectors related to "Active" content. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...
netscapeXSS.txt
Netscape.com - Cross site scripting vulnerability ---------------------------------------------- Type: Cross site scripting Date: June, 13th 2006 ---------------------------------------------- Credits: ---------------------------------------------- Discovered by: David "Aesthetico" Vieira-Kurz...