19 matches found
CVE-2021-47954
LayerBB 1.1.4 contains an unauthenticated SQL injection vulnerability in the search_query parameter. An attacker can send POST requests to /search.php with crafted search_query values (e.g., using CASE WHEN statements) to manipulate queries and extract sensitive database information. No remediati...
LayerBB SQL Injection Vulnerability
LayerBB is a set of small-scale forum software. Version 1.1.4 of LayerBB contains an SQL injection vulnerability. This vulnerability stems from SQL injection issues, which may allow unauthenticated attackers to inject SQL code through the searchquery parameter, thereby manipulating database queri...
CVE-2018-25205 ASP.NET jVideo Kit 1.0 SQL Injection via query Parameter
ASP.NET jVideo Kit 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to inject SQL commands through the 'query' parameter in the search functionality. Attackers can submit malicious SQL payloads via GET or POST requests to the /search endpoint to extract sensitive...
CVE-2026-27503
SVXportal version 2.5 and prior contain a reflected cross-site scripting vulnerability in admin/log.php via the search query parameter. When an authenticated administrator views a crafted URL, the application embeds the unsanitized parameter value directly into an HTML input value attribute,...
PT-2026-21271
SVXportal version 2.5 and prior contain a reflected cross-site scripting vulnerability in log.php via the search query parameter. The application embeds the unsanitized parameter value directly into an HTML input value attribute, allowing an unauthenticated remote attacker to inject and execute...
Cross-site Scripting (XSS)
Overview: org.opencms:opencms-core is a Java open source content management system by Alkacon Software. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the q parameter in the /search/index.html process. An attacker can execute arbitrary JavaScript code in a victim'...
CVE-2026-2736
Reflected Cross-site Scripting (XSS) in Alkacon's OpenCms v18.0, which allows an attacker to execute JavaScript code in the victim's browser by sending the victim a malicious URL containing the ‘q’ parameter in ‘/search/index.html’. This vulnerability can be exploited to steal sensitive user...
PT-2025-47075
Name of the Vulnerable Software and Affected Versions: Code-Projects Student Information System version 2.0. Description: A flaw exists in Code-Projects Student Information System 2.0 related to SQL injection. The issue is located in the /searchquery.php file, where manipulation of the s argument ca...
EUVD-2005-4491
Malware in sbrugna...
CVE-2025-50690
A Cross-Site Scripting (XSS) vulnerability exists in SpatialReference.org OSGeo/spatialreference.org versions prior to 2025-05-17 commit 2120adfa17ddd535bd0f539e6c4988fa3a2cb491. The vulnerability is caused by improper handling of user input in the search query parameter. An attacker can craft a...
CVE-2018-10704
yidashi yii2cmf 2.0 has XSS via the /search q parameter...
CVE-2025-30352 Directus `search` query parameter allows enumeration of non permitted fields
Directus is a real-time API and App dashboard for managing SQL database content. Starting in version 9.0.0-alpha.4 and prior to version 11.5.0, the search query parameter allows users with access to a collection to filter items based on fields they do not have permission to view. This allows the...
miniCal SQL Injection Vulnerability
miniCal is an open source PMS. miniCal version 1.0.0 contains an SQL injection vulnerability. The vulnerability stems from a lack of validation of externally supplied SQL statements in the searchquery parameter of /booking/showbookings/; an attacker can use this vulnerability to execute illegal...
GHSA-6C8C-F2W2-JVJR Alkacon OpenCMS XSS via homelink, workplaceresource, mode and query parameters
Multiple cross-site scripting (XSS) vulnerabilities in Alkacon OpenCms 9.5.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) homelink parameter to system/modules/org.opencms.workplace.help/jsptemplates/helphead.jsp, (2) workplaceresource parameter to...
falke.com XSS vulnerability
Vulnerable URL: http://www.falke.com/dede/search?query=1zqjqe...
udt.ru XSS vulnerability
Vulnerable URL: http://udt.ru/search/?q=%22%3E%3C%2Fscript%3E%3Cimg+src%3Dx+onerror%3Dprompt%2FXSSPOSED%2F%3E=%D0%9F%D0%BE%D0%B8%D1%81%D0%BA
Details:
Description| Value
---|---
Patched:| Yes, at 22.05.2017
Latest check for patch:| 22.05.2017 03:08 GMT
Vulnerability type:| XSS
Vulnerability status...
LivelyCart SQL Injection Vulnerability
LivelyCart is a PHP online store based on jQuery. A SQL injection vulnerability exists in LivelyCart version 1.2.0. A remote attacker can exploit this vulnerability to execute arbitrary SQL commands with the 'searchquery' parameter in the product/search URI...
dotCMS search-results.dot search_query Parameter XSS
The remote host is using dotCMS, an open source J2EE / Java web content management system. The version of dotCMS installed on the remote host fails to sanitize input to the 'searchquery' parameter of the 'search-results.dot' script before using it to generate dynamic HTML output. An attacker may ...
CVE-2008-1076
Cross-site scripting (XSS) vulnerability in search.php in Interspire Shopping Cart 1.x allows remote attackers to inject arbitrary web script or HTML via the searchquery parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...