Lucene search
K

126 matches found

OSV
OSV
added 2022/07/11 1:15 p.m.5 views

CVE-2022-1474

The WP Event Manager WordPress plugin before 3.1.28 does not sanitise and escape its search before outputting it back in an attribute on the event dashboard, leading to a Reflected Cross-Site Scripting...

6.1CVSS6.4AI score0.00796EPSS
Exploits2References1
CNNVD
CNNVD
added 2022/02/14 12:0 a.m.6 views

Pybbs 跨站脚本漏洞

Pybbs is a community forum for more practical Java development. A cross-site scripting vulnerability exists in Pybbs, which stems from the product's search box not effectively handling special characters in user input data. An attacker can exploit this vulnerability to execute client-side code...

6.1CVSS5.4AI score0.00621EPSS
Exploits1References2
OSV
OSV
added 2021/12/13 11:15 a.m.4 views

CVE-2021-42547

Insufficient Input Validation in the search functionality of Wordpress plugin Out-of-the-Box prior to 1.20.3 allows unauthenticated user to craft a reflected Cross-Site Scripting attack...

6.1CVSS6.4AI score0.00729EPSS
Exploits0References1
OSV
OSV
added 2021/11/15 10:15 a.m.4 views

CVE-2021-42838

Grand Vice info Co. webopac7 book search field parameter does not properly restrict the input of special characters, thus unauthenticated attackers can inject JavaScript syntax remotely, and further perform reflective XSS attacks...

6.1CVSS5.8AI score0.0061EPSS
Exploits0References1
CNNVD
CNNVD
added 2021/10/22 12:0 a.m.2 views

Macrob7 Macs Framework Content Management System 跨站脚本漏洞

Zenar Content Management System is an open source content management system CMS from the Zenar team. A cross-site scripting vulnerability exists in Macrob7 Macs Framework Content Management System version 1.14, which can be exploited by an attacker via the search input field of the search module...

6.1CVSS6AI score0.00716EPSS
Exploits1References2
Huntr
Huntr
added 2021/09/25 6:37 p.m.18 views

Code Injection in collectiveaccess/providence

Description client side injection Proof of Concept open the https://demo.collectiveaccess.org/find/QuickSearch/Index click on search input the code in search bar clickme https://i.ibb.co/tmB0K64/client.png Impact This vulnerability is injecting malicious code into application...

0.4AI score
Exploits0References1
OSV
OSV
added 2021/08/27 9:15 p.m.3 views

CVE-2020-18116

A lack of filtering for searched keywords in the search bar of YouDianCMS 8.0 allows attackers to perform SQL injection...

8.8CVSS5.8AI score0.01126EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2021/01/11 12:0 a.m.6 views

PT-2021-2242 · Moodle +1 · Moodle +1

Name of the Vulnerable Software and Affected Versions: Moodle versions prior to 3.10.1 Moodle versions prior to 4.0.0-beta Description: The issue is related to insufficient escaping of search queries in certain search inputs, which can lead to reflected Cross-site Scripting XSS attacks. This allo...

9.8CVSS6AI score0.52299EPSS
Exploits25References104
CNNVD
CNNVD
added 2020/12/15 12:0 a.m.9 views

S-cart Cross-Site Scripting Vulnerability

S-cart is a Php-based e-commerce management platform from the S-cart community. A cross-site scripting vulnerability exists in s-cart core before version 4.4, which stems from a lack of detection of client-side input in the search function of the admin dashboard in...

7.2CVSS6.4AI score0.00873EPSS
Exploits1References5
OSV
OSV
added 2020/04/15 5:15 p.m.5 views

CVE-2019-19390

The Search parameter of the Software Catalogue section of Matrix42 Workspace Management 9.1.2.2765 and below accepts unfiltered parameters that lead to multiple reflected XSS issues...

5.4CVSS6.1AI score0.00545EPSS
Exploits1References1
NVD
NVD
added 2019/12/29 7:15 p.m.22 views

CVE-2019-20058

Bolt 3.7.0, if Symfony Web Profiler is used, allows XSS because unsanitized search?search= input is shown on the profiler page. NOTE: this is disputed because profiling was never intended for use in production. This is related to CVE-2018-12040...

6.1CVSS5.9AI score0.007EPSS
Exploits1References1
Hacker One
Hacker One
added 2019/10/06 4:14 p.m.35 views

U.S. Dept Of Defense: [█████] — DOM-based XSS on endpoint `/?s=`

Description GET parameter s is vulnerable to DOM-based XSS on endpoint /?s=. XSS affects all users and no authentication or login is required. Proof of Concept Visit the following URL for PoC: https://██████/?s=%27%3E%3Cscript%3Ealertdocument.domain%3C/script%3E █████████ Explanation This DOM-bas...

0.1AI score
Exploits0
ATTACKERKB
ATTACKERKB
added 2018/02/08 7:29 a.m.3 views

CVE-2018-0135

A vulnerability in Cisco Unified Communications Manager could allow an authenticated, remote attacker to access sensitive information on an affected system. The vulnerability exists because the affected software improperly validates user-supplied search input. An attacker could exploit this...

4.3CVSS5.7AI score0.01263EPSS
Exploits0References4
Cisco
Cisco
added 2018/02/07 4:0 p.m.45 views

Cisco Unified Communications Manager Information Disclosure Vulnerability

A vulnerability in Cisco Unified Communications Manager could allow an authenticated, remote attacker to access sensitive information on an affected system. The vulnerability exists because the affected software improperly validates user-supplied search input. An attacker could exploit this...

4.3CVSS1.2AI score0.01263EPSS
Exploits0References1
Openbugbounty
Openbugbounty
added 2017/08/16 9:50 a.m.13 views

engrip.com XSS vulnerability

Vulnerable URL: https://www.engrip.com/search?searchinput=onboarding"'--! Details: Description| Value ---|--- Patched:| No Latest check for patch:| 21.11.2017 Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| 1858001 VIP website status:| No Coordinated Disclosure...

6.3AI score
Exploits0
Positive Technologies
Positive Technologies
added 2017/05/08 12:0 a.m.6 views

PT-2017-10691 · Nextcloud · Nextcloud Server

Name of the Vulnerable Software and Affected Versions: Nextcloud Server versions prior to 11.0.3 Description: The issue is related to inadequate escaping, leading to a XSS vulnerability in the search module. A user must write or paste malicious content into the search dialogue for it to be...

5.4CVSS5.1AI score0.00739EPSS
Exploits0References6
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.25 views

Webspell 4.2.1 asearch.php SQL Injection Vulnerability

No description provided by source. INFORMATION +Name : webspell 4.2.1 asearch.php SQL Injection Vulnerability +Author : silent vapor +Date : 29.09.2010 +Script : webspell 4.2.1 +Price : free +Language :PHP +Discovered by silent vapor +Underground Agents +Greetz to Team-Internet,...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2013/06/04 12:0 a.m.17 views

SweetRice CMS 1.2.5 Cross Site Scripting

Exploit Title: SweetRice Cms Multiple Cross Site Scripting Vulnerabilities Date: 06/01/2013 Author: Nikhalesh Singh Bhadoria Twitter: @nikhaleshsingh Download Link: http://www.basic-cms.org/ Versions Affected: SweetRice 1.2.5 Category:Xss...

0.2AI score
Exploits0
Packet Storm
Packet Storm
added 2012/08/25 12:0 a.m.25 views

Power-IT CMS Cross Site Scripting

Exploit Title: Power-IT Cms Cross Site Scripting Vulnerability Google Dork: intext:"Powered by PowerIT" Date: 08/24/2012 Author: Crim3R Vendor Home : http://www.poweritschools.com/ Tested on: all ====================================== POST DATA /Host: www.ceca-ct.org User-Agent: Mozilla/5.0 Windo...

Exploits0
Packet Storm
Packet Storm
added 2006/08/17 12:0 a.m.22 views

OZJournal15.txt

OZJournal v1.5 Homepage: http://ozjournals.awardspace.com/index.php Affected files: search input box index.php viewing archives show comment page ---------------------------------------- XSS vulnerability via search input box: Data isn't properly sanatized before being displayed. For a PoC in the...

7.4AI score
Exploits0
Rows per page
Query Builder