476 matches found
CVE-2021-42546 Reflected XSS in search functionality of WP Cloud Plugins - Use-Your-Drive
Insufficient Input Validation in the search functionality of WordPress plugin Use-Your-Drive prior to 1.18.3 allows an unauthenticated user to craft a reflected Cross-Site Scripting attack...
Out of the Box < 1.20.3 - Reflected Cross-Site Scripting
Insufficient Input Validation in the search functionality of the plugin allows attackers to perform a reflected Cross-Site Scripting attack...
Share One Drive < 1.15.3 - Reflected Cross-Site Scripting
Insufficient Input Validation in the search functionality of the plugin allows attackers to perform a reflected Cross-Site Scripting attack...
Cross-site Scripting (XSS) - Reflected in yeswiki/yeswiki
Description Hey all, I found that the search function of YesWiki integrates the searched term into a value attribute inside an input tag, for example if I do a search on sneaky for example, it will put the term sneaky inside a value attribute: html now if I add a double quote to the searched term...
Cross site scripting
Persistent Cross Site Scripting in Web Applications operating on Business-DNA Solutions GmbH’s TopEase® Platform Version <= 7.1.27 via the Search Functionality allows authenticated users with Object Modification privileges to inject arbitrary HTML and JavaScript in object attributes, which is...
CVE-2021-42119
CVE-2021-42119 describes a persistent cross-site scripting vulnerability in Business-DNA Solutions GmbH TopEase platform (version ≤ 7.1.27) exposed through the Search Functionality. The issue arises when authenticated users with Object Modification privileges can inject arbitrary HTML/JavaScript ...
CVE-2021-42119 Stored XSS in Search Function in TopEase
Persistent Cross Site Scripting in Web Applications operating on Business-DNA Solutions GmbH’s TopEase® Platform Version <= 7.1.27 via the Search Functionality allows authenticated users with Object Modification privileges to inject arbitrary HTML and JavaScript in object attributes, which is then...
CVE-2021-25982 FactorJS - Reflected Cross-Site Scripting (XSS) in Search Functionality
The Factor App Framework & Headless CMS forum plugin, versions 1.3.5 to 1.8.30, is vulnerable to reflected Cross-Site Scripting (XSS) at the “search” parameter in the URL. An unauthenticated attacker can execute malicious JavaScript code and steal the session cookies...
Cross site scripting
The Stock in & out WordPress plugin through 1.0.4 has a search functionality, the lowest accessible level to it being contributor. The srch POST parameter is not validated, sanitised or escaped before using it in the echo statement, leading to a reflected XSS issue...
CVE-2021-24346 Stock in & out <= 1.0.4 - Reflected Cross-Site Scripting (XSS)
The Stock in & out WordPress plugin through 1.0.4 has a search functionality, the lowest accessible level to it being contributor. The srch POST parameter is not validated, sanitised or escaped before using it in the echo statement, leading to a reflected XSS issue...
loewe.com Cross Site Scripting vulnerability OBB-2014944
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Affected Website: loewe.com. Open Bug Bounty...
Nextcloud: Default Nextcloud Server and Android Client leak sharee searches to Nextcloud
On a clean Nextcloud setup the functionality "Search global and public address book for users" is enabled. Now when searching for a sharee to share with, the lookup parameter is not passed to the server, resulting in...
SUSE-SU-2021:0123-1 Security update for MozillaThunderbird
This update for MozillaThunderbird fixes the following issues: - Mozilla Thunderbird 78.6.1 changed: MailExtensions: browserAction, composeAction, and messageDisplayAction toolbar buttons now support label and default_label properties (bmo#1583478) fixed: Running a quicksearch that returned no result...
Cross-site Scripting (XSS)
s-cart is vulnerable to cross-site scripting (XSS). An attacker is able to inject and execute malicious script via the search functionality of the admin dashboard in core/src/Admin/Controllers/AdminOrderController.phpindex...
CVE-2020-28457
This affects the package s-cart/core before 4.4. The search functionality of the admin dashboard in core/src/Admin/Controllers/AdminOrderController.phpindex is vulnerable to XSS...
Cross site scripting
This affects the package s-cart/core before 4.4. The search functionality of the admin dashboard in core/src/Admin/Controllers/AdminOrderController.phpindex is vulnerable to XSS...
Cross-Site Scripting (XSS)
ngx-bootstrap is vulnerable to cross-site scripting which allows an attacker to inject and execute arbitrary JavaScript via the search and highlight functionality within the typeahead component...
Design/Logic Flaw
The search functionality of the Greenmart theme 2.4.2 for WordPress is vulnerable to XSS...
CVE-2020-16140
The search functionality of the Greenmart theme 2.4.2 for WordPress is vulnerable to XSS...
CVE-2020-24188
Cross-site scripting (XSS) vulnerability in the search functionality in Intrexx before 9.4.0 allows remote attackers to inject arbitrary web script or HTML via the request parameter...