Lucene search
K

11 matches found

OSSF Malicious Packages
OSSF Malicious Packages
added 2026/03/23 1:47 p.m.7 views

Malicious code in ty-search-suggestion (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 002ad12f14550389fc7ba00e11d256e776249a0239a346e232dc8f6186ab7a76 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References1
OSV
OSV
added 2026/03/23 1:47 p.m.13 views

MAL-2026-2105 Malicious code in ty-search-suggestion (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 002ad12f14550389fc7ba00e11d256e776249a0239a346e232dc8f6186ab7a76 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References1
Snyk
Snyk
added 2026/03/23 1:47 p.m.3 views

Malicious Package

Overview ty-search-suggestion is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.8AI score
Exploits0References2
Veracode
Veracode
added 2024/05/24 11:51 a.m.11 views

Cross-site Scripting (XSS)

ezsystems/ezfind-ls is vulnerable to Cross-site Scripting XSS. The vulnerability is caused due to the lack of proper sanitization of the $searchextras.spellcheckcollation variable in the "Did you mean...?" spell check/search suggestion feature. This may lead to unauthorized code execution,...

6.8AI score
Exploits0
OSV
OSV
added 2024/05/15 9:7 p.m.11 views

GHSA-9CQ2-PCGR-8H62 Cross-site Scripting in eZFind spellcheck

This security advisory fixes a vulnerability in the legacy eZ Find extension, which can be used with the LegacyBridge in eZ Platform. It affects sites using the "Did you mean...?" spell check / search suggestion feature. This feature is vulnerable to Cross-site Scripting XSS injection reflected...

6.5AI score
Exploits0References5
NVD
NVD
added 2023/11/20 6:15 p.m.36 views

CVE-2023-48241

XWiki Platform is a generic wiki platform. Starting in version 6.3-milestone-2 and prior to versions 14.10.15, 15.5.1, and 15.6RC1, the Solr-based search suggestion provider that also duplicates as generic JavaScript API for search results in XWiki exposes the content of all documents of all wiki...

7.5CVSS0.7282EPSS
Exploits0References3
Prion
Prion
added 2023/11/20 6:15 p.m.21 views

Information disclosure

XWiki Platform is a generic wiki platform. Starting in version 6.3-milestone-2 and prior to versions 14.10.15, 15.5.1, and 15.6RC1, the Solr-based search suggestion provider that also duplicates as generic JavaScript API for search results in XWiki exposes the content of all documents of all wiki...

5CVSS6.7AI score0.7282EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2023/11/20 5:58 p.m.42 views

CVE-2023-48241 XWiki exposed whole content of all documents of all wikis to anybody with view right on Solr suggest service

XWiki Platform is a generic wiki platform. Starting in version 6.3-milestone-2 and prior to versions 14.10.15, 15.5.1, and 15.6RC1, the Solr-based search suggestion provider that also duplicates as generic JavaScript API for search results in XWiki exposes the content of all documents of all wiki...

7.5CVSS7.7AI score0.7282EPSS
Exploits0References3
CVE
CVE
added 2023/11/20 5:58 p.m.87 views

CVE-2023-48241

XWiki Platform contains an information-disclosure flaw in the Solr-based search suggestion service. From CVE-2023-48241 and connected data, the vulnerability affects XWiki Platform versions starting at 6.3-milestone-2 up to but not including fixed releases: 14.10.15, 15.5.1, and 15.6RC1. The Solr...

7.5CVSS7.4AI score0.7282EPSS
Exploits0References3Affected Software1
CNVD
CNVD
added 2021/06/07 12:0 a.m.19 views

Mozilla Firefox Data Forgery Issue Vulnerability (CNVD-2021-54703)

Mozilla Firefox is an open source Web browser from the Mozilla Foundation in the U.S. Mozilla Firefox is vulnerable to a data forgery issue that stems from the address bar search suggestion in privacy mode being a reuse of session data in normal mode, which can be exploited by remote attackers to...

4.3CVSS3.8AI score0.00331EPSS
Exploits0References1
Prion
Prion
added 2008/11/24 5:30 p.m.15 views

Cross site scripting

Cross-site scripting XSS vulnerability in search.php in Sphider 1.3.4, when the search suggestion feature is enabled, allows remote attackers to inject arbitrary web script or HTML via the query parameter, a different vector than CVE-2006-2506...

2.6CVSS5.9AI score0.01796EPSS
Exploits2References6Affected Software1
Rows per page
Query Builder