CVE-2019-12932

A stored XSS vulnerability was found in SeedDMS 5.1.11 due to poorly escaping the search result in the autocomplete search form placed in the header of out/out.Viewfolder.php...

EUVD-2019-4509

Malware in sbrugna...

CVE-2022-4297

The WP AutoComplete Search WordPress plugin through 1.0.4 does not sanitise and escape a parameter before using it in a SQL statement via an AJAX available to unauthenticated users, leading to an unauthenticated SQL injection...

CVE-2022-4297

The WP AutoComplete Search WordPress plugin through 1.0.4 does not sanitise and escape a parameter before using it in a SQL statement via an AJAX available to unauthenticated users, leading to an unauthenticated SQL injection...

Sql injection

The WP AutoComplete Search WordPress plugin through 1.0.4 does not sanitise and escape a parameter before using it in a SQL statement via an AJAX available to unauthenticated users, leading to an unauthenticated SQL injection...

CVE-2022-4297 WP AutoComplete Search <= 1.0.4 - Unauthenticated SQLi

The WP AutoComplete Search WordPress plugin through 1.0.4 does not sanitise and escape a parameter before using it in a SQL statement via an AJAX available to unauthenticated users, leading to an unauthenticated SQL injection...

CVE-2022-4297

CVE-2022-4297 affects the WP AutoComplete Search WordPress plugin (v1.0.4 and earlier). The root cause is failure to sanitize/escape a parameter used in an SQL statement inside an unauthenticated AJAX endpoint (q parameter), enabling unauthenticated SQL injection with high impact. Public exploit ...

WordPress plugin WP AutoComplete Search SQL注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A SQL injection vulnerabili...

PT-2023-14165 · WordPress · Wp Autocomplete Search

Name of the Vulnerable Software and Affected Versions: WP AutoComplete Search WordPress plugin versions 1.0.4 and earlier Description: The issue arises from the plugin's failure to sanitise and escape a parameter before using it in a SQL statement via an AJAX endpoint available to unauthenticated...

CVE-2019-12932

A stored XSS vulnerability was found in SeedDMS 5.1.11 due to poorly escaping the search result in the autocomplete search form placed in the header of out/out.Viewfolder.php...

CVE-2019-12932

A stored XSS vulnerability was found in SeedDMS 5.1.11 due to poorly escaping the search result in the autocomplete search form placed in the header of out/out.Viewfolder.php...

CVE-2019-12932

SeedDMS 5.1.11 is affected by a stored XSS weakness originating from insufficient escaping of the autocomplete search results in the header’s out/out.Viewfolder.php. The vulnerability allows injection of malicious scripts via the search autocomplete field, with the issue surface described consist...

PT-2018-16182 · Nextcloud · Nextcloud Calendar

Name of the Vulnerable Software and Affected Versions: Nextcloud Calendar versions prior to 1.5.8 Nextcloud Calendar versions prior to 1.6.1 Description: A stored XSS issue exists due to missing sanitization of search results for an autocomplete field, requiring user-interaction. This issue is...

CVE-2015-4375

The Chaos tool suite ctools module 7.x-1.x before 7.x-1.7 for Drupal allows remote attackers to obtain sensitive node titles via 1 an autocomplete search on custom entities without an access query tag or 2 leveraging knowledge of the ID of an entity...