11 matches found
CVE-2026-31872
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.6.0-alpha.6 and 8.6.32, the protectedFields class-level permission (CLP) can be bypassed using dot-notation in query WHERE clauses and sort parameters. An attacker can use dot-notation...
CVE-2026-31872
CVE-2026-31872 affects Parse Server. Prior to 9.6.0-alpha.6 and 8.6.32, the protectedFields class-level permission (CLP) can be bypassed via dot-notation in query WHERE clauses and sort parameters, enabling an attacker to query or sort by sub-fields of a protected field on MongoDB and PostgreSQL ...
CVE-2026-31872 Parse Server has a protected fields bypass via dot-notation in query and sort
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.6.0-alpha.6 and 8.6.32, the protectedFields class-level permission (CLP) can be bypassed using dot-notation in query WHERE clauses and sort parameters. An attacker can use dot-notation...
CVE-2026-22197
GestSup versions prior to 3.2.60 contain multiple SQL injection vulnerabilities in the asset list functionality. Multiple request parameters used to filter, search, or sort assets are incorporated into SQL queries without sufficient neutralization, allowing an authenticated attacker to manipulate...
Malicious code in @malware-test-teens-spode-aumil-sorts/test-mlw3-teens-spode-aumil-sorts (npm)
The package @malware-test-teens-spode-aumil-sorts/test-mlw3-teens-spode-aumil-sorts was found to contain malicious code...
MAL-2025-8889 Malicious code in @malware-test-romal-duxes-kilty-sorts/test-mlw3-romal-duxes-kilty-sorts (npm)
The package @malware-test-romal-duxes-kilty-sorts/test-mlw3-romal-duxes-kilty-sorts was found to contain malicious code...
CVE-2013-0227
Cross-site scripting (XSS) vulnerability in the Search API Sorts module 7.x-1.x before 7.x-1.4 for Drupal allows remote authenticated users with certain roles to inject arbitrary web script or HTML via unspecified field labels...
Drupal Search API Sorts Module Cross-Site Scripting Vulnerability
Drupal is a free, open source content management system developed in PHP and maintained by the Drupal community. The Search API Sorts module is one of the modules that provides custom sorting and global sort blocks for the Search API. A cross-site scripting vulnerability exists in the Drupal Searc...
Search API Sorts - Moderately Critical - Cross Site Scripting (XSS) - SA-CONTRIB-2017-016
The Search API Sorts module allows the site administrator to configure custom sort options for their search results and expose the control interface via the core block system. The module doesn't sufficiently sanitise the name of the sort option which is displayed to users. This vulnerability is...
Cross site scripting
Cross-site scripting (XSS) vulnerability in the Search API Sorts module 7.x-1.x before 7.x-1.4 for Drupal allows remote authenticated users with certain roles to inject arbitrary web script or HTML via unspecified field labels...
CVE-2013-0227
The CVE-2013-0227 entry involves Drupal's Search API Sorts module (7.x-1.x) with an XSS vulnerability caused by insufficient filtering of user-entered text in field labels. Affects Drupal 7.x, versions prior to 7.x-1.4. Impact: remote authenticated users with certain roles can inject arbitrary Jav...