5 matches found
GHSA-898P-HH3P-HF9R Gitea allows XSS because the search input box (for creating tags and branches) is v-html instead of v-text
Gitea before 1.22.2 allows XSS because the search input box for creating tags and branches is v-html instead of v-text...
CVE-2025-59816 Authenticated Union based SQL-injection in the search input field
This vulnerability allows attackers to directly query the underlying database, potentially retrieving all data stored in the Billing Admin database, including user credentials. User passwords are stored in plaintext, significantly increasing the severity of this issue...
TD Bank: Search input is vulnerable for XSS in qa.td.com and dev.td.com
Summary: I was able to exploit search input in qa.td.com. Steps To Reproduce: Go to qa.td.com and use the search option to reproduce this vulnerability Supporting Material/References: F2152622 attachment / reference Example-...
Academy Learning Management System cross-site scripting vulnerability
Academy Learning Management System is a learning management system from the Creativeitem team. The vulnerability is caused by the lack of effective filtering and escaping of user-supplied data in the Search parameter, which could be exploited to launch a reflected cross-site scripting...
CVE-2006-2968
Cross-site scripting (XSS) vulnerability in search.php in PHP Labware LabWiki 1.0 allows remote attackers to inject arbitrary web script or HTML via the search input box (query parameter)...