CVE-2021-25015
The myCred WordPress plugin before 2.4 does not sanitise and escape the search query before outputting it back in the history dashboard page, leading to a Reflected Cross-Site Scripting issue...
OpenLDAP < 2.4.30 DoS Vulnerability
OpenLDAP is prone to a denial of service (DoS) vulnerability.
Listeo < 1.6.11 - Multiple XSS & XFS vulnerabilities
The theme did not properly sanitise some parameters in its Search, Booking Confirmation and Personal Message pages, leading to Cross-Site Scripting issues: Unauthenticated Reflected XSS | Search query, vulnerable parameters: keywordsearch and locationsearch; Authenticated Persistent XSS & XFS |...
Adobe Acrobat Reader DC JavaScript search query code execution vulnerability
Summary: A use-after-free vulnerability exists in the way Adobe Acrobat Reader DC 2020.013.20074 executes search queries through JavaScript. A specially crafted PDF document can trigger this vulnerability, which can lead to arbitrary code execution. A victim needs to open the malicious file to...
FreeBSD : mdbook -- XSS in mdBook's search page (40b481a9-9df7-11eb-9bc3-8c164582fbac)
Rust Security Response Working Group reports: The search feature of mdBook introduced in version 0.1.4 was affected by a cross site scripting vulnerability that allowed an attacker to execute arbitrary JavaScript code on a user's browser by tricking the user into typing a malicious search query...
Cross-Site Scripting (XSS)
pki-core is vulnerable to cross-site scripting (XSS). An attacker is able to inject and execute arbitrary JavaScript in a user's browser through a DOM-based XSS attack via the search query form...
Moodle Cross-Site Scripting Vulnerability
Moodle is a learning platform designed to provide educators, administrators, and learners with a powerful, secure, and integrated system for creating personalized learning environments. A reflected cross-site scripting vulnerability exists in Moodle versions prior to 3.10.1. The vulnerability ste...
GitLab Denial of Service Vulnerability (CNVD-2020-70850)
GitLab is a self-hosted Git version control and project repository application, developed with Ruby on Rails, from the American company GitLab. The program can be used to access a project's file contents, commit history, bug lists, and more. A denial of service vulnerability exists in all versions ...
Information Disclosure
elasticsearch is vulnerable to information disclosure. The vulnerability exists when Document or Field Level Security is used, as search queries do not properly preserve security permissions when executing certain complex queries...
Nova Lite < 1.3.9 - Unauthenticated Reflected Cross-Site Scripting (XSS)
The theme did not properly sanitise the search query, leading to an unauthenticated reflected Cross-Site Scripting issue. PoC: /?s=%3Cimg%20src%20onerror=alert/XSS/%3E...
dorkScanner - A Typical Search Engine Dork Scanner Scrapes Search Engines With Dorks That You Provide In Order To Find Vulnerable URLs
A typical search engine dork scanner that scrapes search engines with queries that you provide in order to find vulnerable URLs. Introduction: Dorking is a technique used by newsrooms, investigative organisations, security auditors as well as tech-savvy criminals to query various search engines fo...
CVE-2019-20210
The CTHthemes CityBook before 2.3.4, TownHub before 1.0.6, and EasyBook before 1.2.2 themes for WordPress allow Reflected XSS via a search query...
Cross site scripting
The CTHthemes CityBook before 2.3.4, TownHub before 1.0.6, and EasyBook before 1.2.2 themes for WordPress allow Reflected XSS via a search query...
CVE-2019-20210
The CVE-2019-20210 entry affects WordPress themes CTHthemes CityBook < 2.3.4, TownHub < 1.0.6, and EasyBook
Exploit for Path Traversal in Ivanti Connect_Secure
pulsexploit: Automated script for Pulse Secure SSL VPN exploit...
CVE-2010-2222
The gerparsecontrol function in Red Hat Directory Server 8 and the 389 Directory Server allows attackers to cause a denial of service (NULL pointer dereference) via a crafted search query...
Null pointer dereference
The gerparsecontrol function in Red Hat Directory Server 8 and the 389 Directory Server allows attackers to cause a denial of service (NULL pointer dereference) via a crafted search query...
This is what our summer’s like
For the second summer straight, we cover the children's interests during the period when they have enough leisure to give themselves full time to their hobbies. Modern children are active users of the internet, so most of their interests find reflection in their online activities, which are the...
CVE-2019-15569
HM Courts & Tribunals ccd-data-store-api before 2019-06-10 allows SQL injection, related to SearchQueryFactoryOperation.java and SortDirection.java...