630 matches found
CVE-2024-33748
CVE-2024-33748 affects Maven net.mingsoft MS Basic 2.1.13.4 and earlier. The issue is a Cross-site Scripting (XSS) vulnerability in the search function caused by insufficient input sanitization in the affected product, enabling injection of script code in users’ browsers. The CVE entry reports a ...
CVE-2024-33121
Roothub v2.6 was discovered to contain a SQL injection vulnerability via the 's' parameter in the search function...
Roothub Security Vulnerability
Roothub is a forum system developed using SSM and MySQL. A security vulnerability exists in Roothub v2.6, which was discovered to contain an SQL injection vulnerability via the "s" parameter in the search function...
CVE-2024-33121
CVE-2024-33121 affects Roothub v2.6, where the SQL injection vulnerability exists in the search() function through the 's' parameter. Exploitation details are not provided in the documents, but multiple sources corroborate an SQL injection issue in Roothub v2.6. The CVSS v3.1 base score is 6.3 (M...
ROS-20240328-15
A vulnerability in the Web Browser UI of Google Chrome and Microsoft Edge browsers is related to incorrectly implemented security checks for standard elements. Exploitation of the vulnerability could allow an attacker acting remotely to conduct...
BaserCMS Command Injection Vulnerability (CNVD-2024-13537)
baserCMS is an enterprise-level content management system (CMS) from the baserCMS team. A command injection vulnerability exists in versions of baserCMS prior to 5.0.9, which stems from a failure to properly filter special characters, commands, and similar elements used to construct commands in the site search function. ...
PT-2024-20890 · Justice Systems · Justice Systems Fullcourt Enterprise
Name of the Vulnerable Software and Affected Versions: Justice Systems FullCourt Enterprise version 8.2. Description: A Cross Site Scripting (XSS) issue allows a remote attacker to execute arbitrary code via the formatCaseNumber parameter of the Citation search function. This enables the attacker to...
CVE-2024-25327
Cross Site Scripting XSS vulnerability in Justice Systems FullCourt Enterprise v.8.2 allows a remote attacker to execute arbitrary code via the formatCaseNumber parameter of the Citation search function...
CVE-2024-25327
CVE-2024-25327 affects Justice Systems FullCourt Enterprise v8.2. The vulnerability is a reflected Cross Site Scripting (XSS) in the formatCaseNumber parameter of the Citation search function, allowing a remote attacker to execute arbitrary code by supplying crafted input. Affected product/compon...
Cross site scripting
Cross Site Scripting vulnerability in Teamwire Windows desktop client v.2.0.1 through v.2.4.0 allows a remote attacker to obtain sensitive information via a crafted payload to the global search function...
PT-2024-21975 · Dotclear · Dotclear
Name of the Vulnerable Software and Affected Versions: Dotclear version 2.29. Description: A Reflected Cross-Site Scripting (XSS) issue has been identified in the Search functionality of the Admin Panel. Recommendations: For Dotclear version 2.29, consider disabling the Search functionality within t...
CVE-2024-24275
Cross Site Scripting vulnerability in Teamwire Windows desktop client v.2.0.1 through v.2.4.0 allows a remote attacker to obtain sensitive information via a crafted payload to the global search function...
Cross site scripting
Cross Site Scripting XSS vulnerability in hexo-theme-anzhiyu v1.6.12, allows remote attackers to execute arbitrary code via the algolia search function...
CVE-2024-25865
Cross Site Scripting XSS vulnerability in hexo-theme-anzhiyu v1.6.12, allows remote attackers to execute arbitrary code via the algolia search function...
CVE-2024-25865
CVE-2024-25865 describes a Cross-Site Scripting (XSS) vulnerability in hexo-theme-anzhiyu v1.6.12, allowing remote attackers to execute arbitrary code via the algolia search function. The issue is documented across multiple sources (NVD, Red Hat, GHSA, OSV, CNNVD, etc.) with consistent descriptio...
SQL injection
Shopware is an open headless commerce platform. The Shopware application API contains a search functionality which enables users to search through information stored within their Shopware instance. The searches performed by this function can be aggregated using the parameters in the “aggregations...
SQL injection
SQL Injection vulnerability in TDuckCLoud tduck-platform v.4.0 allows a remote attacker to obtain sensitive information via the getFormKey parameter in the search function of FormDataMysqlService.java file...