15 matches found
CVE-2026-42260
Open-WebSearch is a multi-engine MCP server, CLI, and local daemon for agent web search and content retrieval. Prior to 2.1.7, isPublicHttpUrl / assertPublicHttpUrl in src/utils/urlSafety.ts do not recognize bracketed IPv6 literals and do not resolve DNS, which combine to allow non-blind SSRF wit...
CVE-2026-42260
Open-WebSearch CVE-2026-42260 describes an SSRF in fetchWebContent of the MCP tool where bracketed IPv6 literals and lack of DNS resolution allow bypassing the public URL checks. The vulnerability arises because isPublicHttpUrl / assertPublicHttpUrl in src/utils/urlSafety.ts treat bracketed IPv6 h...
CVE-2026-42260
Open-WebSearch is a multi-engine MCP server, CLI, and local daemon for agent web search and content retrieval. Prior to 2.1.7, isPublicHttpUrl / assertPublicHttpUrl in src/utils/urlSafety.ts do not recognize bracketed IPv6 literals and do not resolve DNS, which combine to allow non-blind SSRF wit...
Open-WebSearch Code Issue Vulnerability
Open-WebSearch is a multi-engine web search and content retrieval tool developed by Aasee’s individual developers, without the need for an API key. Versions of Open-WebSearch prior to 2.1.7 had code vulnerabilities. These vulnerabilities stemmed from URL security checks not recognizing IPv6...
Server-side Request Forgery (SSRF)
Overview: open-websearch is a web search the internet Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via the fetchWebContent process. An attacker can access internal network resources and retrieve sensitive information by supplying specially crafted URLs that...
Malicious Browser Extensions Targeted Over a Million Users So Far This Year
More than 1.31 million users attempted to install malicious or unwanted web browser extensions at least once, new findings from cybersecurity firm Kaspersky show. "From January 2020 to June 2022, more than 4.3 million unique users were attacked by adware hiding in browser extensions, which is...
atavi.com XSS vulnerability
Open Bug Bounty ID: OBB-642893
Description | Value
---|---
Affected Website: | atavi.com
Open Bug Bounty Program: | Create your bounty program now. It's open and free.
Vulnerable Application: | Custom Code
Vulnerability Type: | XSS Cross Site Scripting / CWE-79
CVSSv3 Score: | 6.1...
swissneuro.ch XSS vulnerability
Open Bug Bounty ID: OBB-613789
Description | Value
---|---
Affected Website: | swissneuro.ch
Open Bug Bounty Program: | Create your bounty program now. It's open and free.
Vulnerable Application: | Custom Code
Vulnerability Type: | XSS Cross Site Scripting / CWE-79
CVSSv3 Score: | 6.1...
cjgetten-leur.nl XSS vulnerability
Open Bug Bounty ID: OBB-560179
Description | Value
---|---
Affected Website: | cjgetten-leur.nl
Open Bug Bounty Program: | Create your bounty program now. It's open and free.
Vulnerable Application: | Custom Code
Vulnerability Type: | XSS Cross Site Scripting / CWE-79
CVSSv3 Score: | 6.1...
websearch.4shared.com XSS vulnerability
Open Bug Bounty ID: OBB-450569
Description | Value
---|---
Affected Website: | websearch.4shared.com
Vulnerable Application: | Custom Code
Vulnerability Type: | XSS Cross Site Scripting / CWE-79
CVSSv3 Score: | 6.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Remediation Guide: | OWASP XSS Prevention...
cjghillegom.nl XSS vulnerability
Vulnerable URL: http://www.cjghillegom.nl/websearch.asp?zoekfilter=1%27-confirmopenbugbounty%20//
Details:
Description | Value
---|---
Patched: | No
Latest check for patch: | 31.07.2017
Vulnerability type: | XSS
Vulnerability status: | Publicly disclosed
Alexa Rank | Unknown / Not calculated
VIP websit...
CVE-2014-9367
Incomplete blacklist vulnerability in the urlEncode function in lib/TWiki.pm in TWiki 6.0.0 and 6.0.1 allows remote attackers to conduct cross-site scripting (XSS) attacks via a "'" (single quote) in the scope parameter to do/view/TWiki/WebSearch...
TWiki Security Advisory - XSS Vulnerability - CVE-2014-9367
Information
--------------------
Advisory by Netsparker.
Name: XSS Vulnerability with Scope and Other URL Parameters of WebSearch
Affected Software : TWiki
Affected Versions: 6.0.1 and possibly below
Vendor Homepage : http://www.twiki.org/
Vulnerability Type : Cross-site Scripting
Severity :...
Unfixed XSS vulnerability at www.mbi-berlin.de
Security researcher cL0n3 submitted on 04/10/2008 a cross-site scripting (XSS) vulnerability affecting www.mbi-berlin.de, which at the time of submission ranked 2520488 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 04/10/2008. It is...
Cgisecurity Advisory #9: Novell Websearch, and Microsoft IIS XSS Issues
Just two XSS holes. I only bothered releasing them because both Microsoft and Novell seemed to suffer a similar problem. I like to know about a hole no matter how small it is, if it's in a product I use. Advisory www.cgisecurity.com/advisory/9.txt - [email protected] NOTE: Novell issued a patch...