36 matches found
CVE-2019-11003
In Materialize through 1.0.0, XSS is possible via the Autocomplete feature...
CVE-2024-2279
An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.7 to 16.8.6, all versions starting from 16.9 before 16.9.4, all versions starting from 16.10 before 16.10.2. Using the autocomplete for issues references feature a crafted payload may lead to a stored XSS, allowin...
EUVD-2021-25482
Malware in sbrugna...
EUVD-2017-3750
Malware in sbrugna...
EUVD-2011-2147
Malware in sbrugna...
EUVD-2019-8199
Malware in sbrugna...
EUVD-2011-4769
Malware in sbrugna...
EUVD-2019-0406
Malware in sbrugna...
EUVD-2011-4675
Malware in sbrugna...
EUVD-2011-4648
Malware in sbrugna...
EUVD-2022-5258
Malicious code in bioql PyPI...
CVE-2023-26443
Full-text autocomplete search allows user-provided SQL syntax to be injected to SQL statements. With existing sanitization in place, this can be abused to trigger benign SQL Exceptions but could potentially be escalated to a malicious SQL injection vulnerability. We now properly encode single...
CVE-2019-15701
components/Modals/HelpModal.jsx in BloodHound 2.2.0 allows remote attackers to execute arbitrary OS commands by spawning a child process as the current user on the victim's machine when the search function's autocomplete feature is used. The victim must import data from an Active Directory with a...
MongoDB Shell may be susceptible to Control Character Injection via autocomplete
The MongoDB Shell may be susceptible to control character injection where an attacker with control of the mongosh autocomplete feature can use the autocompletion feature to input and run obfuscated malicious text. This requires user interaction in the form of the user using ‘tab’ to autocomplete...
CVE-2024-2279 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab
An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.7 to 16.8.6, all versions starting from 16.9 before 16.9.4, all versions starting from 16.10 before 16.10.2. Using the autocomplete for issues references feature a crafted payload may lead to a stored XSS, allowin...
PT-2024-19565 · GitLab · GitLab CE/EE +1
Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 16.7 through 16.8.6; GitLab CE/EE versions 16.9 through 16.9.3; GitLab CE/EE versions 16.10 through 16.10.1. Description: An issue has been discovered in GitLab CE/EE, where using the autocomplete for issues references...
SUSE CVE-2019-18449
An issue was discovered in GitLab Community and Enterprise Edition before 12.4 in the autocomplete feature. It has Insecure Permissions issue 2 of 2...
CVE-2021-39045
IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 could allow a local attacker to obtain information due to the autocomplete feature on password input fields. IBM X-Force ID: 214345...
Design/Logic Flaw
IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 could allow a local attacker to obtain information due to the autocomplete feature on password input fields. IBM X-Force ID: 214345...