Lucene search
+L

128 matches found

CNNVD
CNNVD
added 2025/03/24 12:0 a.m.5 views

PHPGurukul Bank Locker Management System 注入漏洞

Bank Locker Management System is a bank locker management system. Bank Locker Management System suffers from a SQL injection vulnerability that stems from the lack of validation of externally-entered SQL statements in the searchinput parameter of the search-report-details.php file. An attacker ca...

9.8CVSS8.2AI score0.00481EPSS
Exploits1References5
CNNVD
CNNVD
added 2025/03/23 12:0 a.m.4 views

PHPGurukul Bank Locker Management System 安全漏洞

Bank Locker Management System is a bank locker management system. Bank Locker Management System suffers from a SQL injection vulnerability that stems from the lack of validation of externally-entered SQL statements in the searchinput parameter of /search-locker-details.php. An attacker can exploi...

9.8CVSS8.2AI score0.00481EPSS
Exploits1References1
Snyk
Snyk
added 2025/03/20 12:32 p.m.4 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the search functionality. An attacker can execute arbitrary JavaScript code by injecting malicious scripts into user inputs. This can lead to unauthorized actions such as stealing session cookies, redirectin...

6.1CVSS5.5AI score0.00491EPSS
Exploits1References2
CNNVD
CNNVD
added 2025/03/20 12:0 a.m.6 views

LocalAI 安全漏洞

LocalAI is a free, open source alternative to OpenAI from the individual developer Ettore Di Giacinto. A security vulnerability exists in LocalAI version v2.21.1, which stems from improper user input cleanup in the search function and could lead to a cross-site scripting attack...

6.1CVSS5AI score0.00491EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2025/02/23 12:0 a.m.8 views

PT-2025-7669 · Unknown · Phpgurukul Online Nurse Hiring System

Name of the Vulnerable Software and Affected Versions: PHPGurukul Online Nurse Hiring System version 1.0 Description: A critical vulnerability has been found in the PHPGurukul Online Nurse Hiring System. This issue affects an unknown part of the file /admin/search-report-details.php. The...

9.8CVSS7.3AI score0.00513EPSS
Exploits0References10
NVD
NVD
added 2024/11/20 3:15 p.m.20 views

CVE-2024-51209

Cross-Site Scripting XSS vulnerabilities in Anuj Kumar's Client Management System Version 1.2 allow local attackers to inject arbitrary web script or HTML via the search input field parameter to admin search invoice page and client search invoice page...

5.4CVSS0.0026EPSS
Exploits1References2
CVE
CVE
added 2024/11/20 12:0 a.m.56 views

CVE-2024-51209

The CVE describes Cross-Site Scripting (XSS) in Anuj Kumar’s Client Management System Version 1.2. The vulnerability affects the search input fields on the admin search invoices page and the client search invoices page, allowing an attacker to inject arbitrary web script or HTML. Technical contex...

5.4CVSS5.9AI score0.0026EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2024/11/20 12:0 a.m.20 views

CVE-2024-51209

Cross-Site Scripting XSS vulnerabilities in Anuj Kumar's Client Management System Version 1.2 allow local attackers to inject arbitrary web script or HTML via the search input field parameter to admin search invoice page and client search invoice page...

0.0026EPSS
Exploits1References2
OSV
OSV
added 2024/10/25 7:15 a.m.5 views

CVE-2024-42420

Sharp and Toshiba Tec MFPs contain multiple Out-of-bounds Read vulnerabilities, due to improper processing of keyword search input and improper processing of SOAP messages. Crafted HTTP requests may cause affected products crashed...

7.5CVSS5.8AI score0.00723EPSS
Exploits0References3
CNNVD
CNNVD
added 2024/10/24 12:0 a.m.5 views

PHPGurukul Vehicle Record System SQL注入漏洞

PHPGurukul Vehicle Record System is a vehicle record management system from PHPGurukul. A SQL injection vulnerability exists in version 1.0 of the PHPGurukul Vehicle Record System, which originates from an SQL injection vulnerability contained in the searchinputdata parameter of the...

8.8CVSS7AI score0.00518EPSS
Exploits1References4
OSV
OSV
added 2024/07/26 6:30 a.m.10 views

GHSA-2HJR-VMF3-XWVP Elasticsearch Insertion of Sensitive Information into Log File

An issue was discovered by Elastic whereby Watcher search input logged the search query results on DEBUG log level. This could lead to raw contents of documents stored in Elasticsearch to be printed in logs. Elastic has released 8.11.2 and 7.17.16 that resolves this issue by removing this excessi...

5.2CVSS5.9AI score0.00445EPSS
Exploits0References3
OSV
OSV
added 2024/07/26 5:15 a.m.11 views

UBUNTU-CVE-2023-49921

An issue was discovered by Elastic whereby Watcher search input logged the search query results on DEBUG log level. This could lead to raw contents of documents stored in Elasticsearch to be printed in logs. Elastic has released 8.11.2 and 7.17.16 that resolves this issue by removing this excessi...

6.5CVSS5.8AI score0.00445EPSS
Exploits0References2
OSV
OSV
added 2024/06/17 9:15 p.m.3 views

CVE-2024-37798

Cross-site scripting XSS vulnerability in search-appointment.php in the Admin Panel in Phpgurukul Beauty Parlour Management System 1.0 allows remote attackers to inject arbitrary web script or HTML via the search input field...

5.9CVSS5.9AI score0.00349EPSS
Exploits1References2
BDU FSTEC
BDU FSTEC
added 2023/06/30 12:0 a.m.6 views

The vulnerability in the virtual learning environment Moodle arises from the lack of measures taken to protect the structure of web pages. This allows attackers to carry out XSS attacks.

The vulnerability in the virtual learning environment Moodle is related to insufficient cleaning of user data during search operations on blogs. Exploiting this vulnerability can allow a malicious actor to carry out XSS attacks remotely...

6.4CVSS5.8AI score0.00854EPSS
Exploits0References4Affected Software2
Positive Technologies
Positive Technologies
added 2023/04/09 12:0 a.m.6 views

PT-2023-17376 · Unknown · Phpgurukul Bank Locker Management System

Name of the Vulnerable Software and Affected Versions: PHPGurukul Bank Locker Management System version 1.0 Description: A critical issue affects the Search component of the PHPGurukul Bank Locker Management System, specifically in the file index.php. The manipulation of the searchinput argument...

9.8CVSS8.1AI score0.00726EPSS
Exploits1References5
OSSF Malicious Packages
OSSF Malicious Packages
added 2023/03/31 2:16 a.m.2 views

Malicious code in tdv2-applet-search-input (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 3e022c3efe7e835b45fddf0e6d3e78494e10cf44eae43cfdc147cadbe25d7dc4 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9AI score
Exploits0References1
SUSE CVE
SUSE CVE
added 2023/02/15 6:0 a.m.5 views

SUSE CVE-2010-0132

Cross-site scripting XSS vulnerability in ViewVC 1.1 before 1.1.5 and 1.0 before 1.0.11, when the regular expression search functionality is enabled, allows remote attackers to inject arbitrary web script or HTML via vectors related to "searchre input," a different vulnerability than CVE-2010-073...

2.6CVSS6.2AI score0.02334EPSS
Exploits0References4
Hacker One
Hacker One
added 2023/02/03 5:9 p.m.16 views

TD Bank: Search input is vulnerable for XSS in qa.td.com and dev.td.com

Summary: I was able to exploit search input in qa.td.com. Steps To Reproduce: Go to qa.td.com and use the search option to reproduce this vulnerability Supporting Material/References: F2152622 attachment / reference Example-...

7.1AI score
Exploits0
CNNVD
CNNVD
added 2022/09/26 12:0 a.m.5 views

Academy Learning Management System 跨站脚本漏洞

Academy Learning Management System is an Academy Learning Management System from the Creativeitem team. The vulnerability is caused by the lack of effective filtering and escaping of user-supplied data in the Search parameter, which could be exploited to launch a reflective cross-site scripting...

6.1CVSS6.1AI score0.02316EPSS
Exploits2References6
OSV
OSV
added 2022/07/12 5:15 p.m.4 views

CVE-2022-2363

A vulnerability, which was classified as problematic, has been found in SourceCodester Simple Parking Management System 1.0. Affected by this issue is some unknown functionality of the file /cispms/admin/search/searching/. The manipulation of the argument search with the input "alert"XSS" leads t...

4.6CVSS4AI score0.00555EPSS
Exploits0References2
Rows per page
Query Builder