203 matches found
SUSE CVE-2026-11611
A flaw was found in 389 Directory Server. The Content Synchronization persistent search plugin allows unbounded memory growth when an authenticated client stops reading sync responses, enabling denial of service. Additional race conditions in plugin thread lifecycle can cause crashes during...
389 Directory Server 资源管理错误漏洞
389 Directory Server is an open-source implementation of a highly available, fully functional, reliable, and secure LDAP server. There is a resource management vulnerability in 389 Directory Server, which stems from the Content Synchronization persistent search plugin allowing unlimited memory...
CVE-2026-41456
Bludit CMS prior to commit 6732dde contains a reflected cross-site scripting vulnerability in the search plugin that allows unauthenticated attackers to inject arbitrary JavaScript by crafting a malicious search query. Attackers can execute malicious scripts in the browsers of users who visit...
GHSA-X83W-23JP-G6PW OpenSearch Security plugin: DLS not applied on documents linked by has_child or has_parent relation
Description A flaw was identified in the OpenSearch Security plugin's document-level security DLS implementation. DLS restrictions were not correctly applied to search queries that use hasparent or haschild join relations. This could allow an authenticated user to access document contents that...
Mahara 跨站脚本漏洞
Mahara is a free, open-source web-based electronic portfolio management system. Versions of Mahara prior to 25.04.2 and 24.04.11 contained a cross-site scripting vulnerability. This vulnerability stemmed from the Elasticsearch 7 search plugin not properly cleaning input parameters in queries, whi...
EUVD-2026-24239
Bludit CMS prior to commit 6732dde contains a reflected cross-site scripting vulnerability in the search plugin that allows unauthenticated attackers to inject arbitrary JavaScript by crafting a malicious search query. Attackers can execute malicious scripts in the browsers of users who visit...
CVE-2026-41456
Bludit CMS prior to commit 6732dde contains a reflected cross-site scripting vulnerability in the search plugin that allows unauthenticated attackers to inject arbitrary JavaScript by crafting a malicious search query. Attackers can execute malicious scripts in the browsers of users who visit...
CVE-2026-41456 Bludit CMS Reflected XSS via Search Plugin
Bludit CMS prior to commit 6732dde contains a reflected cross-site scripting vulnerability in the search plugin that allows unauthenticated attackers to inject arbitrary JavaScript by crafting a malicious search query. Attackers can execute malicious scripts in the browsers of users who visit...
CVE-2026-41456 Bludit CMS Reflected XSS via Search Plugin
Bludit CMS prior to commit 6732dde contains a reflected cross-site scripting vulnerability in the search plugin that allows unauthenticated attackers to inject arbitrary JavaScript by crafting a malicious search query. Attackers can execute malicious scripts in the browsers of users who visit...
CVE-2026-41456
CVE-2026-41456 affects Bludit CMS prior to commit 6732dde, where a reflected XSS in the search plugin allows unauthenticated attackers to inject arbitrary JavaScript by crafting a malicious search query. When users visit a crafted URL, attackers can execute scripts in their browsers, potentially ...
CVE-2026-41456
Bludit CMS prior to commit 6732dde contains a reflected cross-site scripting vulnerability in the search plugin that allows unauthenticated attackers to inject arbitrary JavaScript by crafting a malicious search query. Attackers can execute malicious scripts in the browsers of users who visit...
Bludit 跨站脚本漏洞
Bludit is an open-source, lightweight blog content management system developed by Bludit. Previous versions of Bludit, such as 6732dde, had a cross-site scripting vulnerability. This vulnerability stemmed from the search plugin’s reflective cross-site scripting feature, which allowed...
PT-2026-34045
Name of the Vulnerable Software and Affected Versions Bludit CMS versions prior to commit 6732dde Description A reflected cross-site scripting issue exists in the search plugin. This allows unauthenticated attackers to inject arbitrary JavaScript by crafting a malicious search query. Malicious...
CVE-2026-1053
The Ivory Search – WordPress Search Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 5.5.13 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVE-2026-1053
The Ivory Search – WordPress Search Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 5.5.13 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVE-2026-1053
The Ivory Search – WordPress Search Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 5.5.13 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
PT-2026-5081
The Ivory Search – WordPress Search Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 5.5.13 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVE-2017-18494
The custom-search-plugin plugin before 1.36 for WordPress has multiple XSS issues...
CVE-2020-12104
The Import feature in the wp-advanced-search plugin 3.3.6 for WordPress is vulnerable to authenticated SQL injection via an uploaded .sql file. An attacker can use this to execute SQL commands without any validation...
CVE-2025-67930
CVE-2025-67930 : Reflected Cross-Site Scripting in the WordPress plugin eHive Search (formerly ehive-search) for versions