358 matches found
CVE-2022-29721
Affected software: 74cmsSE v3.5.1 (74cmsSE is an online recruitment system based on PHP/MySQL). Vulnerability: SQL injection via the keyword parameter in /home/jobfairol/resumelist. Root cause described as lack of input validation on the parameter, enabling externally entered SQL statements. Impa...
CVE-2021-24986
The Post Grid WordPress plugin before 2.1.16 does not escape the keyword parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting in pages containing a Post Grid with a search form...
Cross-site Scripting (XSS)
Liferay Frontend Taglib Clay is vulnerable to cross-site scripting. The vulnerability exists in the processStartTag function of ManagementToolbarTag.java because the keyword parameter of the search function is not properly escaped, which allows an attacker to inject and execute arbitrary web...
Montala ResourceSpace SQL注入漏洞
ResourceSpace is a digital asset management tool that enables users to organize their digital assets. a SQL injection vulnerability exists in pages/editfields/9ajax/addkeyword.php in ResourceSpace. The vulnerability can be exploited by an attacker to execute arbitrary SQL commands via the k...
CVE-2020-36492
DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting XSS vulnerabilities in the component selectmedia.php via the activepath, keyword, tag, fmdo=x&filename, CKEditor and CKEditorFuncNum parameters...
CVE-2020-36491
DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting XSS vulnerabilities in the component tagsmain.php via the activepath, keyword, tag, fmdo=x&filename, CKEditor and CKEditorFuncNum parameters...
CVE-2020-23044
DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting XSS vulnerabilities in the component filepicview.php via the activepath, keyword, tag, fmdo=x&filename, CKEditor and CKEditorFuncNum parameters...
DedeCMS 跨站脚本漏洞
DedeCMS Dream Weaving Content Management System is a set of simple, robust, flexible, open source several characteristics of open source content management system. DedeCMS has a cross-site scripting vulnerability that can be exploited to inject malicious script code via the activepath, keyword,...
Desdev DedeCMS 跨站脚本漏洞
DedeCMS Dream Weaving Content Management System is a set of simple, robust, flexible, open source several characteristics of open source content management system. DedeCMS has a cross-site scripting vulnerability that can be exploited to inject malicious script code via the activepath, keyword,...
Desdev DedeCMS 跨站脚本漏洞
DedeCMS Dream Weaving Content Management System is a set of simple, robust, flexible, open source several characteristics of open source content management system. DedeCMS has a cross-site scripting vulnerability that can be exploited to inject malicious script code via the activepath, keyword,...
Desdev DedeCMS 跨站脚本漏洞
DedeCMS Dream Weaving Content Management System is a set of simple, robust, flexible, open source several characteristics of open source content management system. DedeCMS has a cross-site scripting vulnerability that can be exploited to inject malicious script code via activepath, keyword, tag,...
Desdev DedeCMS 跨站脚本漏洞
DedeCMS Dream Weaving Content Management System is a set of simple, robust, flexible, open source several characteristics of open source content management system. DedeCMS has a cross-site scripting vulnerability that can be exploited to inject malicious script code via activepath, keyword, tag,...
Delta Electronics DIAEnergie SQL注入漏洞
A SQL blind injection vulnerability exists in the /DataHandler/HandlerCFG.ashx endpoint in DIAEnergie 1.7.5 and earlier versions. The vulnerability stems from the application not properly validating the value provided by the user via the parameter keyword before using the value as part of a SQL...
SQL Injection
Overview s-cart/core is a free Laravel e-commerce for business. Affected versions of this package are vulnerable to SQL Injection via the keyword parameter in /scadmin/currency. Remediation Upgrade s-cart/core to version 6.3.0.3 or higher. References - GitHub Additional Information - GitHub Commi...
WordPress 跨站脚本漏洞
WordPress is a set of blogging platforms developed using the PHP language by the WordPress Wordpress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A security vulnerability exists in the WooCommerce WordPress plugin for PickPlugins Product slider...
CVE-2020-16632
A XSS Vulnerability in /uploads/dede/actionsearch.php in DedeCMS V5.7 SP2 allows an authenticated user to execute remote arbitrary code via the keyword parameter...
Cross site scripting
A XSS Vulnerability in /uploads/dede/actionsearch.php in DedeCMS V5.7 SP2 allows an authenticated user to execute remote arbitrary code via the keyword parameter...
cxuucms SQL Injection Vulnerability
Cxuucms is a PHP-based content relationship building system. cxuucms v3 suffers from a SQL injection vulnerability that originates from leaking all database data via search.php via the keyword parameter. No detailed vulnerability details are available at this time...
Cross site scripting
A Cross-site scripting XSS vulnerability in /inc/class-search.php in the Sell Media plugin v2.4.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the keyword parameter aka $searchterm or the Search field...
CVE-2019-6112
A Cross-site scripting XSS vulnerability in /inc/class-search.php in the Sell Media plugin v2.4.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the keyword parameter aka $searchterm or the Search field...