128 matches found
PHPGurukul Bank Locker Management System 注入漏洞
Bank Locker Management System is a bank locker management system. Bank Locker Management System suffers from a SQL injection vulnerability that stems from the lack of validation of externally-entered SQL statements in the searchinput parameter of the search-report-details.php file. An attacker ca...
PHPGurukul Bank Locker Management System 安全漏洞
Bank Locker Management System is a bank locker management system. Bank Locker Management System suffers from a SQL injection vulnerability that stems from the lack of validation of externally-entered SQL statements in the searchinput parameter of /search-locker-details.php. An attacker can exploi...
Cross-site Scripting (XSS)
Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the search functionality. An attacker can execute arbitrary JavaScript code by injecting malicious scripts into user inputs. This can lead to unauthorized actions such as stealing session cookies, redirectin...
LocalAI 安全漏洞
LocalAI is a free, open source alternative to OpenAI from the individual developer Ettore Di Giacinto. A security vulnerability exists in LocalAI version v2.21.1, which stems from improper user input cleanup in the search function and could lead to a cross-site scripting attack...
PT-2025-7669 · Unknown · Phpgurukul Online Nurse Hiring System
Name of the Vulnerable Software and Affected Versions: PHPGurukul Online Nurse Hiring System version 1.0 Description: A critical vulnerability has been found in the PHPGurukul Online Nurse Hiring System. This issue affects an unknown part of the file /admin/search-report-details.php. The...
CVE-2024-51209
Cross-Site Scripting XSS vulnerabilities in Anuj Kumar's Client Management System Version 1.2 allow local attackers to inject arbitrary web script or HTML via the search input field parameter to admin search invoice page and client search invoice page...
CVE-2024-51209
The CVE describes Cross-Site Scripting (XSS) in Anuj Kumar’s Client Management System Version 1.2. The vulnerability affects the search input fields on the admin search invoices page and the client search invoices page, allowing an attacker to inject arbitrary web script or HTML. Technical contex...
CVE-2024-51209
Cross-Site Scripting XSS vulnerabilities in Anuj Kumar's Client Management System Version 1.2 allow local attackers to inject arbitrary web script or HTML via the search input field parameter to admin search invoice page and client search invoice page...
CVE-2024-42420
Sharp and Toshiba Tec MFPs contain multiple Out-of-bounds Read vulnerabilities, due to improper processing of keyword search input and improper processing of SOAP messages. Crafted HTTP requests may cause affected products crashed...
PHPGurukul Vehicle Record System SQL注入漏洞
PHPGurukul Vehicle Record System is a vehicle record management system from PHPGurukul. A SQL injection vulnerability exists in version 1.0 of the PHPGurukul Vehicle Record System, which originates from an SQL injection vulnerability contained in the searchinputdata parameter of the...
GHSA-2HJR-VMF3-XWVP Elasticsearch Insertion of Sensitive Information into Log File
An issue was discovered by Elastic whereby Watcher search input logged the search query results on DEBUG log level. This could lead to raw contents of documents stored in Elasticsearch to be printed in logs. Elastic has released 8.11.2 and 7.17.16 that resolves this issue by removing this excessi...
UBUNTU-CVE-2023-49921
An issue was discovered by Elastic whereby Watcher search input logged the search query results on DEBUG log level. This could lead to raw contents of documents stored in Elasticsearch to be printed in logs. Elastic has released 8.11.2 and 7.17.16 that resolves this issue by removing this excessi...
CVE-2024-37798
Cross-site scripting XSS vulnerability in search-appointment.php in the Admin Panel in Phpgurukul Beauty Parlour Management System 1.0 allows remote attackers to inject arbitrary web script or HTML via the search input field...
The vulnerability in the virtual learning environment Moodle arises from the lack of measures taken to protect the structure of web pages. This allows attackers to carry out XSS attacks.
The vulnerability in the virtual learning environment Moodle is related to insufficient cleaning of user data during search operations on blogs. Exploiting this vulnerability can allow a malicious actor to carry out XSS attacks remotely...
PT-2023-17376 · Unknown · Phpgurukul Bank Locker Management System
Name of the Vulnerable Software and Affected Versions: PHPGurukul Bank Locker Management System version 1.0 Description: A critical issue affects the Search component of the PHPGurukul Bank Locker Management System, specifically in the file index.php. The manipulation of the searchinput argument...
Malicious code in tdv2-applet-search-input (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 3e022c3efe7e835b45fddf0e6d3e78494e10cf44eae43cfdc147cadbe25d7dc4 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
SUSE CVE-2010-0132
Cross-site scripting XSS vulnerability in ViewVC 1.1 before 1.1.5 and 1.0 before 1.0.11, when the regular expression search functionality is enabled, allows remote attackers to inject arbitrary web script or HTML via vectors related to "searchre input," a different vulnerability than CVE-2010-073...
TD Bank: Search input is vulnerable for XSS in qa.td.com and dev.td.com
Summary: I was able to exploit search input in qa.td.com. Steps To Reproduce: Go to qa.td.com and use the search option to reproduce this vulnerability Supporting Material/References: F2152622 attachment / reference Example-...
Academy Learning Management System 跨站脚本漏洞
Academy Learning Management System is an Academy Learning Management System from the Creativeitem team. The vulnerability is caused by the lack of effective filtering and escaping of user-supplied data in the Search parameter, which could be exploited to launch a reflective cross-site scripting...
CVE-2022-2363
A vulnerability, which was classified as problematic, has been found in SourceCodester Simple Parking Management System 1.0. Affected by this issue is some unknown functionality of the file /cispms/admin/search/searching/. The manipulation of the argument search with the input "alert"XSS" leads t...