CVE-2023-43718

Os Commerce is currently susceptible to a Cross-Site Scripting XSS vulnerability. This vulnerability allows attackers to inject JS through the "MSEARCHENABLETITLE1" parameter, potentially leading to unauthorized execution of scripts within a user's web browser...

WordPress Simple:Press plugin <= 6.10.10 - Reflected Cross-Site Scripting via msearch vulnerability

Reflected Cross-Site Scripting via msearch vulnerability discovered by WordFence in WordPress Plugin Simple:Press versions = 6.10.10...

PT-2023-28937 · Unknown · Oscommerce

Name of the Vulnerable Software and Affected Versions: Os Commerce affected versions not specified Description: The issue is a Cross-Site Scripting XSS vulnerability that allows attackers to inject JavaScript through the MSEARCH ENABLE TITLE1 parameter. This potentially leads to unauthorized...

babel-plugin-transform-cssobj (=3.0.2), cssobj-converter (>=2.1.2 <=2.4.3) +5 more potentially affected by unknown CVE via objutil (>=2.0.2 <=2.17.4)

objutil NPM version =2.0.2, =2.1.2, =1.0.1, =1.0.0, =0.0.5, =0.0.21 Source cves: unknown CVE Source advisory: SNYK:JS-OBJUTIL-559496...

CVE-2019-20217

D-Link DIR-859 1.05 and 1.06B01 Beta01 devices allow remote attackers to execute arbitrary OS commands via the urn: to the M-SEARCH method in ssdpcgi in /htdocs/cgibin, because SERVERID is mishandled. The value of the urn: service/device is checked with the strstr function, which allows an attack...

mediterraneanconnect.com XSS vulnerability

Open Bug Bounty ID: OBB-670232 Description| Value ---|--- Affected Website:| mediterraneanconnect.com Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...

CVE-2010-2340

SQL injection vulnerability in members.php in Arab Portal 2.2, when magicquotesgpc is disabled, allows remote attackers to execute arbitrary SQL commands via the by parameter in the msearch action...

Cross-site scripting vulnerability in the Unicode version of msearch

Overview The Unicode version of msearch, a full text search engine for websites, contains a cross-site scripting vulnerability. This problem is caused by a function added to the Unicode version of msearch. Impact A malicious script may be executed on the user's web browser. Solution None...

msearch directory traversal vulnerability

Overview msearch, a full-text search engine for web sites, contains a directory traversal vulnerability when used on Windows and Linux servers. Impact A remote attacker could view msearch configuration files, index files, and other files written in the same format as these files. Solution None...

CVE-2005-2339

Cross-site scripting XSS vulnerability in the Unicode version of msearch unicode-msearch 1.51U1-beta1, 1.51U1, and 1.52U1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

CVE-2005-2339

Cross-site scripting XSS vulnerability in the Unicode version of msearch unicode-msearch 1.51U1-beta1, 1.51U1, and 1.52U1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

CVE-2005-2339

The CVE-2005-2339 issue affects the Unicode version of msearch (unicode-msearch) 1.51(U1)-beta1, 1.51(U1), and 1.52(U1). The vulnerability is a cross-site scripting (XSS) flaw that allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. The JVN entry confirms the i...