Lucene search

4 matches found

NVD
added 2026/06/02 4:16 p.m., 10 views

CVE-2026-7299

Appsmith’s SQL query editor’s autocomplete functionality fails to sanitize database object names before rendering them in innerHTML, allowing an authenticated Developer to inject persistent XSS via malicious table or column names, triggering arbitrary code execution in the sessions of other...

CVSS 6.3, EPSS 0.00341
Exploits: 2, References: 6
EUVD
added 2026/06/02 2:7 p.m., 11 views

EUVD-2026-33936

Appsmith’s SQL query editor’s autocomplete functionality fails to sanitize database object names before rendering them in innerHTML, allowing an authenticated Developer to inject persistent XSS via malicious table or column names, triggering arbitrary code execution in the sessions of other...

CVSS 6.3, AI score 6.4, EPSS 0.00341
Exploits: 2, References: 5
ATTACKERKB
added 2026/06/02 2:7 p.m., 6 views

CVE-2026-7299

Appsmith’s SQL query editor’s autocomplete functionality fails to sanitize database object names before rendering them in innerHTML, allowing an authenticated Developer to inject persistent XSS via malicious table or column names, triggering arbitrary code execution in the sessions of other...

CVSS 6.3, AI score 6.4, EPSS 0.00341
Exploits: 2, References: 6
Prion
added 2020/03/22 5:15 a.m., 25 views

SQL injection

In phpMyAdmin 4.x before 4.9.5 and 5.x before 5.0.2, a SQL injection vulnerability has been discovered where certain parameters are not properly escaped when generating certain queries for search actions in libraries/classes/Controllers/Table/TableSearchController.php. An attacker can generate a...

CVSS 6, AI score 8, EPSS 0.02115
Exploits: 0, References: 8, Affected Software: 5