630 matches found
WTCMS Cross-Site Scripting Vulnerability (CNVD-2021-69268)
WTCMS is a content management system (CMS) based on ThinkPHP. A cross-site scripting vulnerability exists in the keyword search function under the backend article module of WTCMS. No detailed vulnerability details are provided at this time...
CVE-2020-21362
A cross-site scripting (XSS) vulnerability in the background search function of Maccms10 allows attackers to execute arbitrary web scripts or HTML via the 'wd' parameter...
WordPress Post Grid plugin cross-site scripting vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. Post Grid plugin is an application plugin for WordPress. A cross-site scripting vulnerability exists in the WordPress Po...
CVE-2021-32544
Special characters of the IGT search function in igt+ are not filtered in specific fields, which allows remote authenticated attackers to inject malicious JavaScript and carry out DOM-based XSS (cross-site scripting) attacks...
Cross site scripting
Special characters of the IGT search function in igt+ are not filtered in specific fields, which allows remote authenticated attackers to inject malicious JavaScript and carry out DOM-based XSS (cross-site scripting) attacks...
CVE-2021-32544
CVE-2021-32544 relates to Intelligent Global Technology Ltd. igt+ where the search function fails to filter special characters in certain fields, enabling remote authenticated attackers to inject malicious JavaScript and perform DOM-based XSS. The vulnerability is described as DOM-based XSS with ...
WordPress Greenmart theme cross-site scripting vulnerability
WordPress is a blogging platform developed using the PHP language by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in WordPress Greenmart theme version 2.4.2, which originates in th...
PT-2020-15646 · United Planet · Intrexx
Name of the Vulnerable Software and Affected Versions: Intrexx versions prior to 9.4.0. Description: The issue is related to a cross-site scripting (XSS) vulnerability in the search functionality. This allows remote attackers to inject arbitrary web script or HTML via the request parameter...
Microsoft SharePoint Server 2013 < 15.0.5241.1000 Multiple Vulnerabilities
According to its self-reported version number, the Microsoft SharePoint application running on the remote host is affected by multiple vulnerabilities: - A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application...
Microsoft SharePoint Server 2019 < 16.0.10359.20000 Multiple Vulnerabilities
According to its self-reported version number, the Microsoft SharePoint application running on the remote host is affected by multiple vulnerabilities: - A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application...
CVE-2020-1103
An information disclosure vulnerability exists where certain modes of the search function in Microsoft SharePoint Server are vulnerable to cross-site search attacks (a variant of cross-site request forgery, CSRF). When users are simultaneously logged in to Microsoft SharePoint Server and visit a...
Microsoft SharePoint Information Disclosure Vulnerability
An information disclosure vulnerability exists where certain modes of the search function in Microsoft SharePoint Server are vulnerable to cross-site search attacks (a variant of cross-site request forgery, CSRF). When users are simultaneously logged in to Microsoft SharePoint Server and visit a...
Rockstar Games: Information Disclosure in https://www.rockstargames.com/search
In this report the researcher identified a flaw in our search function that caused it to display unintended error messages. These error messages contained detailed error codes that could reveal information useful to attackers. Thanks to this report we were able to address this behavior so that th...
LearnDash WordPress LMS Plugin 3.1.2 - Reflective Cross-Site Scripting
LearnDash WordPress LMS Plugin 3.1.2 - Reflective Cross-Site Scripting Exploit Title: LearnDash WordPress LMS Plugin 3.1.2 - Reflective Cross-Site Scripting Date: 2020-01-14 Vendor Homepage: https://www.learndash.com Vendor Changelog: https://learndash.releasenotes.io/release/uCskc-version-312...
CVE-2020-8645
An issue was discovered in Simplejobscript.com SJS through 1.66. There is an unauthenticated SQL injection via the job applications search function. The vulnerable parameter is jobid. The function is getJobApplicationsByJobId. The file is lib/class.JobApplication.php...
Apache Atlas Stored Cross-Site Scripting Vulnerability
Apache Atlas is a scalable set of core infrastructure governance services that enable organizations to efficiently meet compliance requirements in Hadoop and allow integration with the entire enterprise data ecosystem. A stored cross-site scripting vulnerability exists in the search function in...
HackerOne: Searching from Hacktivity returns hits for words in limited disclosure reports that are not visible
Summary: It appears I'm able to discover words used in limited disclosed reports, that are not publicly visible, by using the search function available from the Hacktivity page. Description: Recently I was investigating a finding for another program which involved exploiting XSS ████. I wondered h...
CVE-2019-9230
An issue was discovered on AudioCodes Mediant 500L-MSBR, 500-MBSR, M800B-MSBR and 800C-MSBR devices with firmware versions F7.20A to F7.20A.253. A cross-site scripting (XSS) vulnerability in the search function of the management web interface allows remote attackers to inject arbitrary web script o...
Information Disclosure
trytond is vulnerable to information disclosure. There is no checking for order against the field value in the search function, allowing an authenticated user to guess a field for which he has no access right and order records based on that value...