630 matches found
CVE-2022-41473
RPCMS v3.0.2 was discovered to contain a reflected cross-site scripting (XSS) vulnerability in the Search function...
CVE-2022-41413
perfSONAR v4.x <= v4.4.5 was discovered to contain a Cross-Site Request Forgery (CSRF) which is triggered when an attacker injects crafted input into the Search function...
CVE-2022-32297
Piwigo v12.2.0 was discovered to contain a SQL injection vulnerability via the Search function...
CVE-2021-42185
wdja v2.1 is affected by a SQL injection vulnerability in the foreground search function...
CVE-2020-21362
A cross-site scripting (XSS) vulnerability in the background search function of Maccms10 allows attackers to execute arbitrary web scripts or HTML via the 'wd' parameter...
CVE-2020-20425
S-CMS Government Station Building System v5.0 contains a cross-site scripting (XSS) vulnerability in the search function...
CVE-2019-5934
SQL injection vulnerability in Cybozu Garoon 4.0.0 to 4.10.0 allows an attacker with administrator rights to execute arbitrary SQL commands via the Log Search function of application 'logging'...
CVE-2025-46729 phpDVDProfiler Cross-site Scripting vulnerability
julmud/phpDVDProfiler is an adoption of the defunct phpDVDProfiler project, which allows users to display on the web their DVD collections maintained with Invelos's DVDProfiler software. Starting in v20230807 and prior to v20250511, there is cross-site scripting in the search function. v20250511 contains ...
CVE-2025-46729
CVE-2025-46729 affects julmud/phpDVDProfiler, a web-based frontend for Invelos DVDProfiler data. The vulnerability is a cross-site scripting (XSS) issue in the search function, present in versions v_20230807 through v_20250510; a patch was released in v_20250511. The CVSS 4.0 base score is 5.3 (M...
phpDVDProfiler Cross-Site Scripting Vulnerability
phpDVDProfiler is an application by the individual developer julmud. A cross-site scripting vulnerability exists in versions prior to phpDVDProfiler v20230807 through v20250511, which stems from cross-site scripting in the search function...
PT-2025-20691 · Invelos +1 · Dvdprofiler +1
Name of the Vulnerable Software and Affected Versions: julmud/phpDVDProfiler versions v 20230807 through v 20250510. Description: The issue concerns cross-site scripting in the search function of the software. This allows for potential malicious script execution when a user interacts with the sear...
Regular Expression Denial of Service (ReDoS)
Overview: Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) in the search function. An attacker can occupy excessive system resources by passing a malicious string with nested groups as the query parameter. PoC https://xxxx.sso.com/search?query=.11...
CVE-2025-29526
The CVE-2025-29526 entry affects Q4 Inc Investor Relations Platform v5.147.1.2, where an unfiltered input in the SearchTerm parameter of the search function enables Cross-Site Scripting (XSS), allowing arbitrary JavaScript execution. Affected component: Search feature; root cause: insufficient in...
WordPress plugin Memberpress Information Disclosure Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. An information disclosure...
PT-2025-15124 · Nimrod · Nimrod
Name of the Vulnerable Software and Affected Versions: godcheese/code-projects Nimrod version 0.8. Description: A critical vulnerability exists in godcheese/code-projects Nimrod 0.8. The vulnerability affects the searchAllByName function within the ViewMenuCategoryRestController.java file...
PT-2025-14885 · Unknown · Sourcecodester Library Management System
Name of the Vulnerable Software and Affected Versions: iSourcecode Library Management System version 1.0. Description: A critical issue was found in the Search function of the file library management/src/Library Management/Forgot.java. The manipulation of the txtuname argument leads to sql...
Cross-site Scripting (XSS)
Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the search functionality. An attacker can execute arbitrary JavaScript code by injecting malicious scripts into user inputs. This can lead to unauthorized actions such as stealing session cookies, redirectin...
ChatGPT-4o contains security bypass vulnerability through time and search functions called "Time Bandit"
Overview: ChatGPT-4o contains a jailbreak vulnerability called "Time Bandit" that allows an attacker to circumvent the safety guardrails of ChatGPT and instruct it to provide illicit or dangerous content. The jailbreak can be initiated in a variety of ways, but centrally requires the...
PT-2025-5266 · Coolify · Coolify
Name of the Vulnerable Software and Affected Versions: Coolify versions prior to 4.0.0-beta.380. Description: Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. The issue arises when the tags page allows users to search for tags. If the search does...