630 matches found

Nuclei
added 8 hours ago | 30 views

MooSocial 3.1.8 - Cross-Site Scripting

A reflected cross-site scripting (XSS) vulnerability exists in the q parameter of the search function of mooSocial v3.1.8, which allows attackers to steal user's session cookies and impersonate their account via a crafted URL. id: CVE-2023-45542 info: name: MooSocial 3.1.8 - Cross-Site Scripting author...

CVSS 6.1 | AI score 6.3 | EPSS 0.01635
Exploits 2 | References 3
CNNVD
added 2026/06/05 12:0 a.m. | 5 views

HCL Digital Experience Compose security vulnerability

HCL Digital Experience Compose is an enterprise-level content creation and digital experience management platform developed by the Indian company HCL. HCL Digital Experience Compose has a security vulnerability, which stems from a reflection-type cross-site scripting issue in the search center...

CVSS 6.1 | AI score 5.5 | EPSS 0.00152
Exploits 0 | References 1
EUVD
added 2026/05/31 12:31 a.m. | 14 views

EUVD-2026-33473

A flaw has been found in westboy CicadasCMS up to 2431154dac8d0735e04f1fd2a3c3556668fc8dab. Impacted is the function Search of the file org/springframework/cache/support/AbstractCacheManager.java. This manipulation of the argument s causes cross site scripting. Remote exploitation of the attack i...

CVSS 5.3 | AI score 4.4 | EPSS 0.00422
Exploits 0 | References 6
NVD
added 2026/05/30 10:16 p.m. | 14 views

CVE-2026-10153

A flaw has been found in westboy CicadasCMS up to 2431154dac8d0735e04f1fd2a3c3556668fc8dab. Impacted is the function Search of the file org/springframework/cache/support/AbstractCacheManager.java. This manipulation of the argument s causes cross site scripting. Remote exploitation of the attack i...

CVSS 5.3 | EPSS 0.00422
Exploits 0 | References 5
Vulnrichment
added 2026/05/30 9:0 p.m. | 9 views

CVE-2026-10153 westboy CicadasCMS AbstractCacheManager.java search cross site scripting

A flaw has been found in westboy CicadasCMS up to 2431154dac8d0735e04f1fd2a3c3556668fc8dab. Impacted is the function Search of the file org/springframework/cache/support/AbstractCacheManager.java. This manipulation of the argument s causes cross site scripting. Remote exploitation of the attack i...

CVSS 5.3 | AI score 4.4 | EPSS 0.00422
Exploits 0 | References 5
ATTACKERKB
added 2026/05/30 9:0 p.m. | 7 views

CVE-2026-10153

A flaw has been found in westboy CicadasCMS up to 2431154dac8d0735e04f1fd2a3c3556668fc8dab. Impacted is the function Search of the file org/springframework/cache/support/AbstractCacheManager.java. This manipulation of the argument s causes cross site scripting. Remote exploitation of the attack i...

CVSS 5.3 | AI score 4.4 | EPSS 0.00422
Exploits 0 | References 5
CVE
added 2026/05/30 9:0 p.m. | 22 views

CVE-2026-10153

CVE-2026-10153 affects westboy CicadasCMS; the issue resides in the Search function of org/springframework/cache/support/AbstractCacheManager.java, where manipulation of the argument s enables cross-site scripting. Exploitation is remote and the exploit has been published. The project uses a roll...

CVSS 5.3 | AI score 4.4 | EPSS 0.00422
Exploits 0 | References 5
Positive Technologies
added 2026/05/30 12:0 a.m. | 10 views

PT-2026-45138

A flaw has been found in westboy CicadasCMS up to 2431154dac8d0735e04f1fd2a3c3556668fc8dab. Impacted is the function Search of the file org/springframework/cache/support/AbstractCacheManager.java. This manipulation of the argument s causes cross site scripting. Remote exploitation of the attack i...

CVSS 5.3 | AI score 4.4 | EPSS 0.00422
Exploits 0 | References 6
CNNVD
added 2026/04/17 12:0 a.m. | 7 views

Giskard security vulnerability

Giskard is an open-source evaluation and testing framework for artificial intelligence systems developed by Giskard. Versions of Giskard prior to 1.0.2b1 contained security vulnerabilities. These vulnerabilities stemmed from the direct passing of user-provided regular expressions to the re.search...

CVSS 5.5 | AI score 5.8 | EPSS 0.00149
Exploits 0 | References 2
CNNVD
added 2026/04/04 12:0 a.m. | 6 views

VSCO security vulnerability

VSCO is a photo and video editor developed by the VSCO company. Version VSCO 1.1.1.0 contains a security vulnerability. This vulnerability arises from the search function’s improper handling of overly long strings, which may allow local attackers to cause the application to crash by submitting...

CVSS 6.9 | AI score 5.8 | EPSS 0.00159
Exploits 0 | References 3
CNNVD
added 2026/04/04 12:0 a.m. | 6 views

VPN Browser+ security vulnerability

VPN Browser+ is a mobile browser application developed by VPN Browser Company, featuring integrated virtual private network capabilities. Version 1.1.0.0 of VPN Browser+ contains a security vulnerability. This vulnerability stems from the search function’s improper handling of extremely large...

CVSS 8.7 | AI score 5.8 | EPSS 0.00359
Exploits 0 | References 3
CNNVD
added 2026/04/04 12:0 a.m. | 5 views

FastTube security vulnerability

FastTube is a third-party client provided by FastTube Corporation for watching YouTube videos. Version 1.0.1.0 of FastTube contains a security vulnerability. This vulnerability stems from the search function’s improper handling of overly long strings, which may allow local attackers to cause the...

CVSS 6.9 | AI score 5.8 | EPSS 0.00123
Exploits 0 | References 3
CNNVD
added 2026/02/26 12:0 a.m. | 6 views

SIMPLE.ERP SQL injection vulnerability

SIMPLE.ERP is an e-commerce platform provided by the SIMPLE company. Versions of SIMPLE.ERP prior to [email protected] contained a SQL injection vulnerability. This vulnerability stemmed from the lack of input validation in the search function, which could lead to SQL injection attacks...

CVSS 8.6 | AI score 5.9 | EPSS 0.00307
Exploits 0 | References 2
CNNVD
added 2026/01/30 12:0 a.m. | 4 views

elearning-script SQL injection vulnerability

elearning-script is an e-learning blog developed by Amit Kollol Dey. Version 0.1.0 of elearning-script has a SQL injection vulnerability. This vulnerability arises from the lack of validation for user input in the search function, which may lead to SQL injection attacks...

CVSS 8.8 | AI score 5.8 | EPSS 0.00362
Exploits 0 | References 3
CNNVD
added 2026/01/23 12:0 a.m. | 5 views

LavaLite cross-site scripting vulnerabilities

LavaLite is a lightweight content management system developed under the Lavalite open source project. Versions of LavaLite 10.1.0 and earlier contained a cross-site scripting vulnerability. This vulnerability stemmed from improperly encoded HTML or JavaScript stored in the package creation and...

CVSS 5.4 | AI score 5.6 | EPSS 0.00198
Exploits 1 | References 4
RedhatCVE
added 2026/01/21 12:30 a.m. | 15 views

CVE-2025-67261

Abacre Retail Point of Sale 14.0.0.396 is vulnerable to content-based blind SQL injection. The vulnerability exists in the Search function of the Orders page...

CVSS 6.5 | AI score 5.7 | EPSS 0.00183
Exploits 2 | References 1
CVE
added 2026/01/20 12:0 a.m. | 15 views

CVE-2025-67261

CVE-2025-67261 affects Abacre Retail Point of Sale 14.0.0.396. The issue is a content-based blind SQL injection in the Orders page > Search function. Technical evidence shows exploit payloads attempting to infer database structure (e.g., existence of Client table via EXISTS(SELECT 1 FROM Clien...

CVSS 6.5 | AI score 5.7 | EPSS 0.00183
Exploits 2 | References 2 | Affected Software 1
Vulnrichment
added 2026/01/20 12:0 a.m. | 3 views

CVE-2025-67261

Abacre Retail Point of Sale 14.0.0.396 is vulnerable to content-based blind SQL injection. The vulnerability exists in the Search function of the Orders page...

AI score 5.7 | EPSS 0.00183
Exploits 2 | References 2
CNNVD
added 2026/01/13 12:0 a.m. | 4 views

Hikvision NVR/DVR Devices security vulnerability

Hikvision NVR/DVR Devices are a series of network cameras from Hikvision, a Chinese company. A security vulnerability exists in Hikvision NVR/DVR Devices that stems from a stack overflow in the device's search and discovery function, which could allow an attacker on the same LAN to cause the devi...

CVSS 8.8 | AI score 6.1 | EPSS 0.00323
Exploits 0 | References 1
RedhatCVE
added 2026/01/09 10:57 a.m. | 12 views

CVE-2022-38291

SLiMS Senayan Library Management System v9.4.2 was discovered to contain a cross-site scripting (XSS) vulnerability via the Search function. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Search bar...

CVSS 6.1 | AI score 6.1 | EPSS 0.00417
Exploits 1 | References 1