CVE-2024-22406

Shopware is an open headless commerce platform. The Shopware application API contains a search functionality which enables users to search through information stored within their Shopware instance. The searches performed by this function can be aggregated using the parameters in the “aggregations...

CVE-2024-10716

Pega Platform versions 8.1 to Infinity 24.2.0 are affected by an XSS issue with search...

CVE-2024-42357 Shopware vulnerable to blind SQL-injection in DAL aggregations

Shopware is an open commerce platform. Prior to versions 6.6.5.1 and 6.5.8.13, the Shopware application API contains a search functionality which enables users to search through information stored within their Shopware instance. The searches performed by this function can be aggregated using the...

CVE-2024-42357 Shopware vulnerable to blind SQL-injection in DAL aggregations

Shopware is an open commerce platform. Prior to versions 6.6.5.1 and 6.5.8.13, the Shopware application API contains a search functionality which enables users to search through information stored within their Shopware instance. The searches performed by this function can be aggregated using the...

PT-2024-23709 · Unknown · Phpgurukul Complaint Management System

Name of the Vulnerable Software and Affected Versions: phpgurukul Client Management System version 1.1 Description: The issue allows attackers to execute arbitrary code and obtain sensitive information via the "Search bar" in the /search-invoices.php endpoint. This is a Cross Site Scripting...

PT-2024-27714 · Unknown · Phpgurukul/Itsourcecode News Portal

Name of the Vulnerable Software and Affected Versions: PHPGurukul/itsourcecode News Portal version 4.1 Description: A critical issue has been found in the processing of the file search.php, where the manipulation of the searchtitle argument leads to sql injection. The attack may be initiated...

Mars: Sqli on ██████ search functionality

A SQL injection vulnerability was reported on the search functionality of the ██████ website. The vulnerability allowed an attacker to inject malicious SQL code into the search query...

Mars: sqli on █████████ search functionality

A SQL injection vulnerability was found in the search functionality of the █████████ website...

CVE-2024-27626

A Reflected Cross-Site Scripting XSS vulnerability has been identified in Dotclear version 2.29. The flaw exists within the Search functionality of the Admin Panel...

Cross site scripting

A Reflected Cross-Site Scripting XSS vulnerability has been identified in Dotclear version 2.29. The flaw exists within the Search functionality of the Admin Panel...

CVE-2024-2269 keerti1924 Online-Book-Store-Website search.php sql injection

A vulnerability was found in keerti1924 Online-Book-Store-Website 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /search.php. The manipulation of the argument search leads to sql injection. The attack can be launched remotely. The...

CVE-2024-27626

A Reflected Cross-Site Scripting XSS vulnerability has been identified in Dotclear version 2.29. The flaw exists within the Search functionality of the Admin Panel...

Cross Site Scripting (XSS)

com.liferay.portal:release.portal.bom and com.liferay.portal:release.dxp.bom are vulnerable to Cross Site Scripting XSS. The vulnerability is due to lack of user input validation within the search functionality if highlighting is disabled by adding any searchable content to the application...

GHSA-QMP9-2XWJ-M6M9 Blind SQL injection in shopware

Impact The Shopware application API contains a search functionality which enables users to search through information stored within their Shopware instance. The searches performed by this function can be aggregated using the parameters in the “aggregations” object. The ‘name’ field in this...

Mars: RXSS on ████ via q parameter

A reflected Cross-Site Scripting XSS vulnerability was identified on the ████████ website at the search endpoint. The vulnerability was present in the 'q' parameter of the search functionality, where user-supplied input was reflected back to the page without proper sanitization or encoding...

CVE-2021-45811

A SQL injection vulnerability in the "Search" functionality of "tickets.php" page in osTicket 1.15.x allows authenticated attackers to execute arbitrary SQL commands via the "keywords" and "topicid" URL parameters combination...

Sql injection

A SQL injection vulnerability in the "Search" functionality of "tickets.php" page in osTicket 1.15.x allows authenticated attackers to execute arbitrary SQL commands via the "keywords" and "topicid" URL parameters combination...

CVE-2021-45811

CVE-2021-45811 is a confirmed SQL injection vulnerability in osTicket 1.15.x, affecting the Search functionality on tickets.php where authenticated users can manipulate the query via the combination of the keywords and topic_id URL parameters. The issue allows attackers to execute arbitrary SQL c...

CVE-2021-45811

A SQL injection vulnerability in the "Search" functionality of "tickets.php" page in osTicket 1.15.x allows authenticated attackers to execute arbitrary SQL commands via the "keywords" and "topicid" URL parameters combination...

CVE-2021-45811

A SQL injection vulnerability in the "Search" functionality of "tickets.php" page in osTicket 1.15.x allows authenticated attackers to execute arbitrary SQL commands via the "keywords" and "topicid" URL parameters combination...