214 matches found
CVE-2023-2785
Mattermost fails to properly truncate the postgres error log message of a search query failure allowing an attacker to cause the creation of large log files which can result in Denial of Service...
Denial of service
Mattermost fails to properly truncate the postgres error log message of a search query failure allowing an attacker to cause the creation of large log files which can result in Denial of Service...
CVE-2023-2785
Mattermost contains a vulnerability (CVE-2023-2785) where failure to properly truncate PostgreSQL log messages for failed search queries can allow an attacker to generate large log files, potentially leading to Denial of Service. Affected software is Mattermost; the root cause is truncation of er...
CVE-2023-2785 Specially crafted search query can cause large log entries in postgres
Mattermost fails to properly truncate the postgres error log message of a search query failure allowing an attacker to cause the creation of large log files which can result in Denial of Service...
PT-2023-21375 · Unknown · Mattermost
Name of the Vulnerable Software and Affected Versions: Mattermost (affected versions not specified). Description: Mattermost fails to properly truncate the postgres error log message of a search query failure, allowing an attacker to cause the creation of large log files, which can result in Denial ...
Reflected XSS at search_query[] query string
Description: Reflected XSS (Cross-Site Scripting) is a common web security vulnerability that can occur when a user inputs malicious JavaScript syntax into the search field. The search function allows users to look for content on the website, and the search keywords are appended to the URL query...
CVE-2021-32848
Octobox is software for managing GitHub notifications. Prior to pull request PR 2807, a user of the system can provide a specifically crafted search query string that will trigger a ReDoS vulnerability. This issue is fixed in PR 2807...
PT-2023-12181 · Octobox · Octobox
Name of the Vulnerable Software and Affected Versions: Octobox versions prior to pull request 2807. Description: Octobox is software for managing GitHub notifications. A user of the system can provide a specifically crafted search query string that will trigger a ReDoS vulnerability...
SUSE CVE-2016-2040
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 allow remote authenticated users to inject arbitrary web script or HTML via a (1) table name, (2) SET value, (3) search query, or (4) hostname in a Location header...
SUSE CVE-2018-14648
A flaw was found in 389 Directory Server. A specially crafted search query could lead to excessive CPU consumption in the dosearch function. An unauthenticated attacker could use this flaw to provoke a denial of service...
CVE-2022-36922
Jenkins Lucene-Search Plugin 370.v62a5f618cd3a and earlier does not escape the search query parameter displayed on the 'search' result page, resulting in a reflected cross-site scripting (XSS) vulnerability...
EUVD-2022-6260
Jenkins Lucene-Search Plugin 370.v62a5f618cd3a and earlier does not escape the search query parameter displayed on the 'search' result page, resulting in a reflected cross-site scripting (XSS) vulnerability...
CVE-2022-32014
Complete Online Job Search System v1.0 is vulnerable to SQL Injection via /eris/index.php?q=result&searchfor=byfunction...
GHSA-QC2P-6QRF-25J2 laracom Cross-site Scripting
laracom (aka Laravel FREE E-Commerce Software) 1.4.11 has a Cross-site Scripting vulnerability via search query...
GHSA-MRC2-H7Q2-PP97 Firefly III vulnerable to reflected cross-site scripting
Firefly III before 4.7.17.3 is vulnerable to reflected XSS due to lack of filtration of user-supplied data in a search query...
GHSA-6C8C-F2W2-JVJR Alkacon OpenCMS XSS via homelink, workplaceresource, mode and query parameters
Multiple cross-site scripting (XSS) vulnerabilities in Alkacon OpenCms 9.5.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) homelink parameter to system/modules/org.opencms.workplace.help/jsptemplates/helphead.jsp, (2) workplaceresource parameter to...
GHSA-PW34-QF6C-84FC phpMyAdmin XSS Vulnerability
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 allow remote authenticated users to inject arbitrary web script or HTML via a (1) table name, (2) SET value, (3) search query, or (4) hostname in a Location header...