26 matches found
EUVD-2022-43438
Malicious code in bioql PyPI...
EUVD-2023-33700
Malicious code in bioql PyPI...
EUVD-2023-44322
Malicious code in bioql PyPI...
CVE-2023-2289
The wordpress vertical image slider plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘searchterm’ parameter in versions up to, and including, 1.2.16 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inje...
CVE-2009-3189
Cross-site scripting (XSS) vulnerability in search.php in DigiOz Guestbook 1.7.2 allows remote attackers to inject arbitrary web script or HTML via the searchterm parameter...
Co-marquage service-public.fr < 0.5.73 - Reflected Cross-Site Scripting via search_term
Description The Co-marquage service-public.fr plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘searchterm’ parameter in versions up to, and including, 0.5.72 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attacke...
Video Gallery < 1.0.11 - Reflected XSS
The plugin does not sanitise and escape the searchterm parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
video carousel slider with lightbox < 1.0.23 - Reflected XSS
The plugin does not sanitise and escape the searchterm parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
Online Banking System SQL Injection Vulnerability (CNVD-2022-68372)
Online Banking System is an online banking system developed using PHP and MySQL. v1.0 of Online Banking System has a security vulnerability that originates in the searchterm parameter in the /net-banking/customertransactions.php location. term parameter in /net-banking/customertransactions.php ha...
Online Banking System SQL Injection Vulnerability (CNVD-2022-68373)
Online Banking System is an online banking system developed using PHP and MySQL. v1.0 of Online Banking System contains a security vulnerability that originates in the searchterm parameter in the /net-banking/transactions.php location. injection issue in the searchterm parameter at...
CVE-2022-40120
Online Banking System v1.0 was discovered to contain a SQL injection vulnerability via the searchterm parameter at /net-banking/customertransactions.php...
SQL injection
Online Banking System v1.0 was discovered to contain a SQL injection vulnerability via the searchterm parameter at /net-banking/transactions.php...
SQL injection
Online Banking System v1.0 was discovered to contain a SQL injection vulnerability via the searchterm parameter at /net-banking/customertransactions.php...
RosarioSIS cross-site scripting vulnerability (CNVD-2023-74437)
RosarioSIS is a student information system. It is used to manage students, create reports and make the right decisions. A cross-site scripting vulnerability exists in RosarioSIS version 8.2.1, which stems from a lack of data validation filtering on user-supplied data and output. An attacker can...
RosarioSIS XSS Vulnerability
Reflected cross-site scripting (XSS) vulnerability in RosarioSIS 8.2.1 allows attackers to inject arbitrary HTML via the searchterm parameter in the modules/Scheduling/Courses.php script...
CVE-2021-45416
CVE-2021-45416 (RosarioSIS) is a reflected XSS in RosarioSIS 8.2.1 via the search_term parameter in modules/Scheduling/Courses.php, caused by lack of proper input validation/escaping. The vulnerability allows injection of arbitrary HTML, with impacts described as user- or page-content modificatio...
CVE-2018-16762
FUEL CMS 1.4.1 allows SQL Injection via the layout, published, or searchterm parameter to pages/items...
OpenEMR SQL Injection Vulnerability (CNVD-2018-17194)
OpenEMR is an open source medical management system maintained by the OpenEMR community. The system can be used for medical practice management, electronic medical records, prescription writing and medical billing requests. A SQL injection vulnerability exists in the...
CVE-2018-15151
SQL injection vulnerability in interface/deidentificationforms/findcodepopup.php in versions of OpenEMR before 5.0.1.4 allows a remote authenticated attacker to execute arbitrary SQL commands via the 'searchterm' parameter...