629 matches found
Sucms Security Vulnerability
Sucms is a completely open source and free PHP+MYSQL system by China Subianji team. A security vulnerability exists in Sucms version 1.0, which originates from the parameter uid in the file /admin/adminmembers.php?ac=search that can lead to SQL injection...
CVE-2024-10716
Pega Platform versions 8.1 to Infinity 24.2.0 are affected by an XSS issue with search...
Information Exposure
Overview: taegis-magic is a Taegis IPython Magics. Affected versions of this package are vulnerable to Information Exposure due to the exposure of inspect.currentframe().f_locals in the search function in events.py, which exposes a GraphQLService object. This may include sensitive internal values such...
PT-2024-9704 · Draytek · Draytek Vigor3900
Name of the Vulnerable Software and Affected Versions: Draytek Vigor3900 version 1.5.1.3. Description: The issue is related to the ldap search dn function in the mainfunction.cgi script of the Draytek Vigor3900 web interface. It allows attackers to inject malicious commands and execute arbitrary...
A vulnerability in the cgi_photo_search() function (/cgi-bin/photocenter_mgr.cgi) in the firmware of D-Link devices such as DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05, and DNS-1550-04 allows an attacker to execute arbitrary commands.
CVE-2024-42697
Cross Site Scripting vulnerability in Leotheme Leo Product Search Module v.2.1.6 and earlier allows a remote attacker to execute arbitrary code via the q parameter of the product search function...
WordPress plugin Front End Users Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...
CVE-2024-40500
Cross Site Scripting vulnerability in Martin Kucej i-librarian v.5.11.0 and before allows a local attacker to execute arbitrary code via the search function in the import component...
CVE-2024-40500
CVE-2024-40500 affects Martin Kucej i-librarian versions 5.11.0 and earlier. Description: a Cross-Site Scripting vulnerability in the import component’s search function can allow a local attacker to execute arbitrary code. The issue is due to improper handling in the search/import flow. Impact is...
[SECURITY] Fedora 40 Update: keepassxc-2.7.8-2.fc40
KeePassXC is a community fork of KeePassX. KeePassXC is an application for people with extremely high demands on secure personal data management. KeePassXC saves many different kinds of information, e.g. user names, passwords, URLs, attachments and comments, in one single database. For a better management...
U.S. Dept Of Defense: Self XSS
A self-XSS vulnerability was discovered in the search function at "https://█████████/ords/f?p=1001:2::::::" where a normal XSS payload could be injected and executed...
Cross-site Scripting (XSS)
MS Basic is vulnerable to cross-site scripting (XSS). The vulnerability is due to insufficient input sanitization in the search function, allowing attackers to inject malicious scripts into the search input, potentially leading to the execution of arbitrary code in the context of other...
MS Basic Cross-site Scripting vulnerability
Cross-site scripting (XSS) vulnerability in the search function in Maven net.mingsoft MS Basic 2.1.13.4 and earlier...
GHSA-64CM-3CJ3-67HF MS Basic Cross-site Scripting vulnerability
Cross-site scripting (XSS) vulnerability in the search function in Maven net.mingsoft MS Basic 2.1.13.4 and earlier...
CVE-2024-33748
Cross-site scripting (XSS) vulnerability in the search function in Maven net.mingsoft MS Basic 2.1.13.4 and earlier...
MvnRepository MS Basic Security Vulnerability
MvnRepository MS Basic is an application from MvnRepository, Inc. A security vulnerability exists in MvnRepository MS Basic version 2.1.18.3 and prior versions, which stems from a cross-site scripting (XSS) vulnerability in the search function...
CVE-2024-33748
CVE-2024-33748 affects Maven net.mingsoft MS Basic 2.1.13.4 and earlier. The issue is a Cross-site Scripting (XSS) vulnerability in the search function caused by insufficient input sanitization in the affected product, enabling injection of script code in users’ browsers. The CVE entry reports a ...
PT-2024-25461 · Unknown · Mvnrepository Ms Basic +1
Name of the Vulnerable Software and Affected Versions: MvnRepository MS Basic versions 2.1.18.3 and earlier; Maven net.mingsoft MS Basic versions 2.1.13.4 and earlier. Description: The issue is related to a cross-site scripting (XSS) vulnerability in the search function. This type of vulnerability...