
10 matches found

Positive Technologies
added 2026/05/15 12:0 a.m. · 10 views

PT-2026-41363

phpMyFAQ before 4.1.2 contains a stored cross-site scripting vulnerability in search.twig where result.question and result.answerPreview are rendered with the raw filter, disabling autoescape protection. Attackers with FAQ editor privileges can inject HTML-entity-encoded payloads that bypass html...

6.9 CVSS · 5.8 AI score · 0.00011 EPSS
Exploits 0 · References 3
NVD
added 2026/05/14 7:16 p.m. · 8 views

CVE-2026-45148

SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, broken access control in the searchAsset, searchTag, searchWidget, and searchTemplate publish-mode Readers can enumerate metadata from documents that are invisible to the publish service. This vulnerability is fixed in...

4.3 CVSS · 0.00009 EPSS
Exploits 0 · References 1
Github Security Blog
added 2026/05/06 8:31 p.m. · 8 views

phpMyFAQ has stored XSS via | raw Filter in search.twig — html_entity_decode(strip_tags()) Bypass in Search Result Rendering

Summary The search result rendering template search.twig outputs FAQ content fields result.question and result.answerPreview using Twig's | raw filter, which completely disables the template engine's built-in auto-escaping. A user with FAQ editor/contributor privileges can store a payload encoded...

8.2 CVSS · 5.9 AI score · 0.00011 EPSS
Exploits 0 · References 4 · Affected Software 2
Snyk
added 2026/05/06 8:31 p.m. · 5 views

Cross-site Scripting (XSS)

Overview phpmyfaq/phpmyfaq is a FAQ system for PHP and MySQL, PostgreSQL and other databases Affected versions of this package are vulnerable to Cross-site Scripting XSS via the search.twig template and the process that decodes and renders user-supplied content without proper sanitization. An...

8.2 CVSS · 5.8 AI score · 0.00011 EPSS
Exploits 0 · References 2
Positive Technologies
added 2024/04/27 12:0 a.m. · 2 views

PT-2024-11775 · Logpoint · Logpoint

Name of the Vulnerable Software and Affected Versions: Logpoint versions prior to 7.1.1 Description: An issue was discovered in the search template of Logpoint, where template injection was seen. The search template uses jinja templating for generating dynamic data, which could be abused to achie...

8.8 CVSS · 8.2 AI score · 0.0026 EPSS
Exploits 0 · References 4
CNNVD
added 2024/04/27 12:0 a.m. · 3 views

Logpoint Security Vulnerability

Logpoint is a network security application from the Danish company Logpoint. A security vulnerability exists in Logpoint versions prior to 7.1.1, which stems from a template injection vulnerability in the search template function...

8.8 CVSS · 7.1 AI score · 0.0026 EPSS
Exploits 0 · References 2
0day.today
added 2021/06/28 12:0 a.m. · 63 views

Atlassian Jira Server/Data Center 8.16.0 - Reflected Cross-Site Scripting Vulnerability

Exploit Title: Atlassian Jira Server/Data Center 8.16.0 - Reflected Cross-Site Scripting XSS Exploit Author: CAPTAINHOOK Vendor Homepage: https://www.atlassian.com/ Software Link: https://www.atlassian.com/software/jira/download/data-center Version: versions 8.5.14, 8.6.0 ≤ version 8.13.6, 8.14.0...

6.1 CVSS · 0.2 AI score · 0.00558 EPSS
Exploits 4
Atlassian
added 2021/05/06 8:2 a.m. · 55 views

Vulnerability in Search Template Leads to Reflected XSS JIRA Software Server - CVE-2021-26078

Affected versions of Jira Server and Jira Data Center have a XSS vulnerability in the number range searcher component which allows remote attackers to inject arbitrary HTML or JavaScript. Affected versions: versions 8.5.14 8.6.0 ≤ version 8.13.6 8.14.0 ≤ version 8.16.1 Fixed versions: 8.5.14...

6.1 CVSS · 3.8 AI score · 0.00558 EPSS
Exploits 4 · Affected Software 1
Atlassian
added 2021/05/06 8:2 a.m. · 40 views

Vulnerability in Search Template Leads to Reflected XSS JIRA Software Server - CVE-2021-26078

Affected versions of Jira Server and Jira Data Center have a XSS vulnerability in the number range searcher component which allows remote attackers to inject arbitrary HTML or JavaScript. Affected versions: versions 8.5.14 8.6.0 ≤ version 8.13.6 8.14.0 ≤ version 8.16.1 Fixed versions: 8.5.14...

6.1 CVSS · 5.8 AI score · 0.00558 EPSS
Exploits 4
Cvelist
added 2008/04/25 2:0 p.m. · 15 views

CVE-2008-1953

Cross-site scripting XSS vulnerability in the Sitedesigner before 1.1.5 search template in Magnolia Enterprise Edition allows remote attackers to inject arbitrary web script or HTML via the query parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from...

5.6 AI score · 0.00285 EPSS
Exploits 0 · References 4