11 matches found
Malicious code in ty-search-suggestion (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 002ad12f14550389fc7ba00e11d256e776249a0239a346e232dc8f6186ab7a76 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2026-2105 Malicious code in ty-search-suggestion (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 002ad12f14550389fc7ba00e11d256e776249a0239a346e232dc8f6186ab7a76 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious Package
Overview ty-search-suggestion is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
Cross-site Scripting (XSS)
ezsystems/ezfind-ls is vulnerable to Cross-site Scripting XSS. The vulnerability is caused due to the lack of proper sanitization of the $searchextras.spellcheckcollation variable in the "Did you mean...?" spell check/search suggestion feature. This may lead to unauthorized code execution,...
GHSA-9CQ2-PCGR-8H62 Cross-site Scripting in eZFind spellcheck
This security advisory fixes a vulnerability in the legacy eZ Find extension, which can be used with the LegacyBridge in eZ Platform. It affects sites using the "Did you mean...?" spell check / search suggestion feature. This feature is vulnerable to Cross-site Scripting XSS injection reflected...
CVE-2023-48241
XWiki Platform is a generic wiki platform. Starting in version 6.3-milestone-2 and prior to versions 14.10.15, 15.5.1, and 15.6RC1, the Solr-based search suggestion provider that also duplicates as generic JavaScript API for search results in XWiki exposes the content of all documents of all wiki...
Information disclosure
XWiki Platform is a generic wiki platform. Starting in version 6.3-milestone-2 and prior to versions 14.10.15, 15.5.1, and 15.6RC1, the Solr-based search suggestion provider that also duplicates as generic JavaScript API for search results in XWiki exposes the content of all documents of all wiki...
CVE-2023-48241 XWiki exposed whole content of all documents of all wikis to anybody with view right on Solr suggest service
XWiki Platform is a generic wiki platform. Starting in version 6.3-milestone-2 and prior to versions 14.10.15, 15.5.1, and 15.6RC1, the Solr-based search suggestion provider that also duplicates as generic JavaScript API for search results in XWiki exposes the content of all documents of all wiki...
CVE-2023-48241
XWiki Platform contains an information-disclosure flaw in the Solr-based search suggestion service. From CVE-2023-48241 and connected data, the vulnerability affects XWiki Platform versions starting at 6.3-milestone-2 up to but not including fixed releases: 14.10.15, 15.5.1, and 15.6RC1. The Solr...
Mozilla Firefox Data Forgery Issue Vulnerability (CNVD-2021-54703)
Mozilla Firefox is an open source Web browser from the Mozilla Foundation in the U.S. Mozilla Firefox is vulnerable to a data forgery issue that stems from the address bar search suggestion in privacy mode being a reuse of session data in normal mode, which can be exploited by remote attackers to...
Cross site scripting
Cross-site scripting XSS vulnerability in search.php in Sphider 1.3.4, when the search suggestion feature is enabled, allows remote attackers to inject arbitrary web script or HTML via the query parameter, a different vector than CVE-2006-2506...