Lucene search
K

7 matches found

CVE
CVE
added 2026/06/23 1:31 p.m.14 views

CVE-2026-11772

DRIMO CMS is affected by a Reflected XSS in the searching functionality, triggered via the q parameter. The vulnerability allows arbitrary JavaScript execution in the victim’s browser when a crafted URL is opened. The affected software is at end-of-life and no security updates are planned. Mitiga...

5.1CVSS6.1AI score0.00378EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/12/09 6:29 p.m.5 views

CVE-2025-40700

Reflected Cross-Site Scripting XSS in IDI Eikon's Governalia. The vulnerability allows an attacker to execute JavaScript code in the victim's browser when a malicious URL with the 'q' parameter in '/search' is sent to them. This vulnerability can be exploited to steal sensitive information such a...

5.1CVSS6.1AI score0.00161EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/09/10 11:45 a.m.1 views

CVE-2025-40725 Reflected Cross-Site Scripting (XSS) in Azon Dominator

Reflected Cross-Site Scripting XSS vulnerability in Azon Dominator. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL using the “q” parameter in /search via GET. This vulnerability can be exploited to steal sensitive user data...

5.1CVSS5.6AI score0.00306EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/09/10 11:45 a.m.8 views

CVE-2025-40725 Reflected Cross-Site Scripting (XSS) in Azon Dominator

Reflected Cross-Site Scripting XSS vulnerability in Azon Dominator. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL using the “q” parameter in /search via GET. This vulnerability can be exploited to steal sensitive user data...

5.1CVSS0.00306EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2025/04/26 12:0 a.m.7 views

The vulnerability in the Splunk Web platform for operational analysis of Splunk Enterprise’s web interface allows attackers to bypass security restrictions, increase their privileges, and execute arbitrary commands.

The vulnerability in the Splunk Web platform for operational analysis in Splunk Enterprise relates to insufficient protection of sensitive data when processing the /services/streams/search endpoint with the q parameter. Exploiting this vulnerability allows an attacker to bypass security...

6.8CVSS5.7AI score0.00434EPSS
Exploits0References2Affected Software2
NVD
NVD
added 2019/08/26 12:15 p.m.23 views

CVE-2019-15489

laracom aka Laravel FREE E-Commerce Software 1.4.11 has search?q= XSS...

6.1CVSS6.3AI score0.00875EPSS
Exploits1References1
Cvelist
Cvelist
added 2019/08/26 11:57 a.m.24 views

CVE-2019-15489

laracom aka Laravel FREE E-Commerce Software 1.4.11 has search?q= XSS...

6.3AI score0.00875EPSS
Exploits1References1
Rows per page
Query Builder