8 matches found
CVE-2021-47856
Easy Cart Shopping Cart 2021 contains a non-persistent cross-site scripting vulnerability in the search module's keyword parameter. Remote attackers can inject malicious script code through the search input to compromise user sessions and manipulate application content...
CVE-2025-9431
The CVE-2025-9431 entry concerns mtons mblog up to version 3.5.0. The vulnerability affects the /search function, where manipulation of the kw argument enables cross-site scripting. The issue can be exploited remotely, and exploits have been published. Public sources in the connected documents (e...
Code-Projects Responsive Blog 代码注入漏洞
Code-Projects Responsive Blog is an open source responsive blog by Code-Projects. A code injection vulnerability exists in Code-Projects Responsive Blog version 1.0, which stems from cross-site scripting due to incorrect manipulation of the parameter keyword in the file /search.php...
CVE-2023-36213
SQL injection vulnerability in MotoCMS v.3.4.3 allows a remote attacker to gain privileges via the keyword parameter of the search function...
MotoCMS SQL注入漏洞
MotoCMS is a simple website builder from MotoCMS. MotoCMS version v3.4.3 suffers from a SQL injection vulnerability that stems from the application's lack of validation of externally entered SQL statements. The vulnerability can be exploited by an attacker to gain privileges via the keyword...
WUZHI CMS SQL Injection Vulnerability (CNVD-2019-03304)
WUZHI CMS is China's five fingers WUZHI Internet technology company based on PHP and MySQL open source content management system CMS. A SQL injection vulnerability exists in the coreframe/app/coupon/admin/copyfrom.php file in WUZHI CMS version 4.1.0. A remote attacker can exploit this vulnerabili...
CVE-2018-16372
The issue was discovered in IdeaCMS through 2016-04-30. There is reflected XSS via the index.php?c=content&a=search kw parameter. NOTE: this product is discontinued...
SQL Injection Vulnerability in Zhimei Cloud Management System of Henan Qingfeng Network Technology Co.
Zhimei cloud management system is a set of station management system developed by Henan Qingfeng Network Technology Co. There is a SQL injection vulnerability in the Zhimei Cloud Management System of Henan Qingfeng Network Technology Co. The vulnerability is due to the product/sousuo?key= paramet...