14 matches found
Cross-site Scripting (XSS)
Overview: @apostrophecms/seo is a set of SEO tools for ApostropheCMS. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) in renderNodes, via SEO Title and Meta Description values, where user-controlled input is rendered without proper output encoding into HTML contexts such as...
How Enterprise SEO Solutions Improve Brand Authority
Now, especially in a very competitive environment, it is essential to make your name shine. Enterprise SEO solutions…...
WordPress Plugin WordPress Robots.txt optimization (+ XML Sitemap) – Website traffic, SEO & ranking Booster Cross-Site Request Forgery Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. WordPress Plugin WordPress Robots.txt...
CVE-2022-48120
CVE-2022-48120 concerns a SQL Injection flaw in kishan0725 Hospital Management System. The vulnerability is triggered in /search.php via the contact and doctor parameters, allowing an attacker to execute arbitrary commands. Root cause is a lack of input validation/parameterization in the affected...
CVE-2022-39298
MelisFront (melis-front) on Melis Platform contains a deserialization of untrusted data vulnerability that enables arbitrary PHP code execution. The issue is present in affected versions of melisplatform/melis-front and can be exploited without authentication. The root cause is deserializing user-contr...
CVE-2021-22913
Nextcloud Deck prior to 1.2.7 and 1.4.1 is affected by an information disclosure vulnerability where searches for sharees are sent to the lookup server by default instead of the local Nextcloud server, unless a global search is explicitly chosen. The underlying issue is that the search requests a...
CVE-2018-19331
CVE-2018-19331 affects S-CMS v1.5: the search.php endpoint is vulnerable to SQL injection via the keyword parameter. Root cause: unsafely constructed SQL in the search feature. Exploitation via keyword parameter is documented; this could enable a SQL injection attack. No remediation or patch deta...
Distributed, Search Optimized Full Packet Capture System: PCAPDB
PcapDB is a distributed, search-optimized open source packet capture system. It was designed to replace expensive, commercial appliances with off-the-shelf hardware and a free, easy to manage software system. Captured packets are reorganize...
CVE-2008-4438
CVE-2008-4438 affects Datafeed Studio 1.6.2, where a Cross-Site Scripting (XSS) flaw exists in search.php due to the q parameter. The vulnerability allows remote attackers to inject arbitrary web script or HTML. The CVSS2 base score is 4.3 (Medium) with network attack vector, requiring no authent...
CVE-2008-1306
This CVE (CVE-2008-1306) concerns multiple XSS vulnerabilities in Savvy Content Manager CM. The issues allow remote attackers to inject arbitrary web script or HTML via the searchterms parameter to three pages: searchresults.cfm, search_results.cfm, and search_results/index.cfm. The NVD entry lis...
CVE-2007-1050
CVE-2007-1050 describes multiple cross-site scripting (XSS) vulnerabilities in index.php of AbleDesign MyCalendar. The issue allows remote attackers to inject arbitrary web script or HTML via the following input points: (1) the go parameter, (2) the keyword parameter in the search menu (go=search...
CVE-2006-2249
CVE-2006-2249 describes multiple cross-site scripting (XSS) vulnerabilities in the CuteNews package, specifically in search.php for version 1.4.1 and earlier, and possibly 1.4.5. The weaknesses allow remote attackers to inject arbitrary script or HTML via the (1) user, (2) story, or (3) title par...
CVE-2005-3998
CVE-2005-3998 is an XSS vulnerability in Solupress News 1.0 and earlier, occurring in the search.asp component when processing the keywords parameter. The provided sources indicate an unauthenticated remote attacker could inject arbitrary script or HTML via this input, leading to potential client...
CVE-2005-1135
The CVE-2005-1135 issue affects Simple PHP Blog (sphpBlog) 0.4.0, where the search.php script’s q parameter is not properly validated, enabling a remote attacker to inject arbitrary web script or HTML (XSS). The vulnerability is confirmed by the primary CVE entry and supports remediation guidance...