Search Security Vulnerabilities


CVE-2022-4741

A vulnerability was found in docconv up to 1.2.0 and classified as problematic. This issue affects the function ConvertDocx/ConvertODT/ConvertPages/ConvertXML/XMLToText. The manipulation leads to uncontrolled memory allocation. The attack may be initiated remotely. Upgrading to version 1.2.1 is...

CVSS: 6.5, AI Score: 6.4, EPSS: 0.002

2022-12-25 08:15 PM

CVE-2022-4643

A vulnerability was found in docconv up to 1.2.0. It has been declared as critical. This vulnerability affects the function ConvertPDFImages of the file pdf_ocr.go. The manipulation of the argument path leads to os command injection. The attack can be initiated remotely. Upgrading to version 1.2.1....

CVSS: 9.8, AI Score: 9.8, EPSS: 0.002

2022-12-21 10:15 PM

CVE-2023-3005

A vulnerability, which was classified as problematic, was found in SourceCodester Local Service Search Engine Management System 1.0. This affects an unknown part of the file /admin/ajax.php?action=save_area of the component POST Parameter Handler. The manipulation of the argument area with the...

CVSS: 6.1, AI Score: 6, EPSS: 0.002

2023-05-31 09:15 AM

CVE-2024-0251

The Advanced Woo Search plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the search parameter in all versions up to, and including, 2.96 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web.....

CVSS: 6.1, AI Score: 6.2, EPSS: 0.004

2024-01-13 08:15 AM

CVE-2023-32592

Cross-Site Request Forgery (CSRF) vulnerability in Palasthotel by Edward Bock, Katharina Rompf Sunny Search plugin <= 1.0.2...

CVSS: 8.8, AI Score: 8.7, EPSS: 0.001

2023-11-09 10:15 PM

CVE-2023-1435

The Ajax Search Pro WordPress plugin before 4.26.2 does not sanitise and escape various parameters before outputting them back in pages, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as...

CVSS: 6.1, AI Score: 6.1, EPSS: 0.001

2023-04-24 07:15 PM

CVE-2018-7603

In Drupal's 3rd party module search auto complete prior to versions 7.x-4.8 there is a Cross Site Scripting vulnerability. This Search Autocomplete module enables you to autocomplete textfield using data from your website (nodes, comments, etc.). The module doesn't sufficiently filter user-entered....

CVSS: 6.1, AI Score: 6.1, EPSS: 0.001

2019-01-15 10:29 PM

CVE-2023-1420

The Ajax Search Lite WordPress plugin before 4.11.1, Ajax Search Pro WordPress plugin before 4.26.2 do not sanitise and escape a parameter before outputting it back in a response of an AJAX action, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such.....

CVSS: 6.1, AI Score: 6.1, EPSS: 0.001

2023-04-24 07:15 PM

CVE-2022-38456

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Ernest Marcinko Ajax Search Lite plugin <= 4.10.3...

CVSS: 7.5, AI Score: 7.4, EPSS: 0.001

2023-03-15 03:15 PM

CVE-2023-2452

The Advanced Woo Search plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 2.77 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions...

CVSS: 4.4, AI Score: 4.3, EPSS: 0.001

2023-06-09 06:16 AM

CVE-2022-4649

The WP Extended Search WordPress plugin before 2.1.2 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting...

CVSS: 5.4, AI Score: 5.3, EPSS: 0.001

2023-01-30 09:15 PM

CVE-2022-29316

Complete Online Job Search System v1.0 was discovered to contain a SQL injection vulnerability via...

CVSS: 9.8, AI Score: 9.7, EPSS: 0.001

2022-05-11 01:15 PM

CVE-2021-27999

A SQL injection vulnerability was discovered in the editid parameter in Local Services Search Engine Management System Project 1.0. This vulnerability gives admin users the ability to dump all data from the...

CVSS: 4.9, AI Score: 5.6, EPSS: 0.001

2021-08-19 02:39 PM

CVE-2023-35783

The ke_search (aka Faceted Search) extension before 4.0.3, 4.1.x through 4.6.x before 4.6.6, and 5.x before 5.0.2 for TYPO3 allows XSS via indexed...

CVSS: 6.3, AI Score: 5.9, EPSS: 0.001

2023-06-16 03:15 PM

CVE-2022-47447

Cross-Site Request Forgery (CSRF) vulnerability in Mathieu Chartier WordPress WP-Advanced-Search plugin <= 3.3.8...

CVSS: 8.8, AI Score: 8.8, EPSS: 0.001

2023-05-24 05:15 PM

CVE-2022-47587

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Cornel Raiu WP Search Analytics plugin <= 1.4.5...

CVSS: 5.9, AI Score: 4.9, EPSS: 0.0005

2023-05-10 11:15 AM

CVE-2023-23832

Auth. (contributor+) Cross-Site Scripting (XSS) vulnerability in TC Ultimate WP Query Search Filter plugin <= 1.0.10...

CVSS: 6.5, AI Score: 5.2, EPSS: 0.0005

2023-04-23 11:15 AM

CVE-2019-13418

Search Guard versions before 24.0 had an issue that values of string arrays in documents are not properly...

CVSS: 7.5, AI Score: 7.5, EPSS: 0.002

2019-08-12 10:15 PM

CVE-2019-13417

Search Guard versions before 24.0 had an issue that field caps and mapping API leak field names (but not values) for fields which are not allowed for the user when field level security (FLS) is...

CVSS: 5.3, AI Score: 5.2, EPSS: 0.001

2019-08-12 09:15 PM

CVE-2015-6752

Cross-site scripting (XSS) vulnerability in the Search API Autocomplete module 7.x-1.x before 7.x-1.3 for Drupal, when the search index is configured to use the HTML filter processor, allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via unspecified.....

AI Score: 5.5, EPSS: 0.001

2022-10-03 04:15 PM

CVE-2022-36282

Authenticated (editor+) Stored Cross-Site Scripting (XSS) vulnerability in Roman Pronskiy's Search Exclude plugin <= 1.2.6 at...

CVSS: 5.4, AI Score: 5.2, EPSS: 0.001

2022-08-23 04:15 PM

CVE-2022-35162

Complete Online Job Search System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the CATEGORY parameter at...

CVSS: 4.8, AI Score: 5, EPSS: 0.001

2022-08-05 09:15 PM

CVE-2022-35163

Complete Online Job Search System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the U_NAME parameter at...

CVSS: 4.8, AI Score: 5, EPSS: 0.001

2022-08-05 09:15 PM

CVE-2022-25303

The package whoogle-search before 0.7.2 is vulnerable to Cross-site Scripting (XSS) via the query string parameter q. In the case where it does not contain the http string, it is used to build the error_message that is then rendered in the error.html template, using the flask.render_template...

CVSS: 6.1, AI Score: 5.9, EPSS: 0.001

2022-07-12 03:15 PM

CVE-2022-25872

All versions of package fast-string-search are vulnerable to Out-of-bounds Read due to incorrect memory freeing and length calculation for any non-string input as the source. This allows the attacker to read previously allocated...

CVSS: 5.3, AI Score: 5.2, EPSS: 0.001

2022-06-17 08:15 PM

CVE-2022-22138

All versions of package fast-string-search are vulnerable to Denial of Service (DoS) when computations are incorrect for non-string inputs. One can cause the V8 to attempt reading from non-permitted locations and cause a segmentation fault due to the...

CVSS: 7.5, AI Score: 7.4, EPSS: 0.001

2022-06-17 08:15 PM

CVE-2022-32017

Complete Online Job Search System v1.0 is vulnerable to SQL Injection via...

CVSS: 7.2, AI Score: 7.4, EPSS: 0.001

2022-06-02 04:15 PM

CVE-2022-32018

Complete Online Job Search System v1.0 is vulnerable to SQL Injection via...

CVSS: 7.2, AI Score: 7.3, EPSS: 0.011

2022-06-02 04:15 PM

CVE-2022-32013

Complete Online Job Search System v1.0 is vulnerable to SQL Injection via...

CVSS: 7.2, AI Score: 7.4, EPSS: 0.001

2022-06-02 04:15 PM

CVE-2022-32015

Complete Online Job Search System v1.0 is vulnerable to SQL Injection via...

CVSS: 7.2, AI Score: 7.3, EPSS: 0.011

2022-06-02 04:15 PM

CVE-2022-32010

Complete Online Job Search System v1.0 is vulnerable to SQL Injection via...

CVSS: 7.2, AI Score: 7.4, EPSS: 0.001

2022-06-02 04:15 PM

CVE-2022-32012

Complete Online Job Search System v1.0 is vulnerable to SQL Injection via...

CVSS: 7.2, AI Score: 7.4, EPSS: 0.001

2022-06-02 04:15 PM

CVE-2022-32016

Complete Online Job Search System v1.0 is vulnerable to SQL Injection via...

CVSS: 7.2, AI Score: 7.4, EPSS: 0.001

2022-06-02 04:15 PM

CVE-2022-32014

Complete Online Job Search System v1.0 is vulnerable to SQL Injection via...

CVSS: 7.2, AI Score: 7.4, EPSS: 0.001

2022-06-02 04:15 PM

CVE-2022-32008

Complete Online Job Search System v1.0 is vulnerable to SQL Injection via...

CVSS: 7.2, AI Score: 7.4, EPSS: 0.001

2022-06-02 04:15 PM

CVE-2022-32007

Complete Online Job Search System v1.0 is vulnerable to SQL Injection via...

CVSS: 7.2, AI Score: 7.3, EPSS: 0.011

2022-06-02 04:15 PM

CVE-2022-32011

Complete Online Job Search System v1.0 is vulnerable to SQL Injection via...

CVSS: 7.2, AI Score: 7.4, EPSS: 0.001

2022-06-02 04:15 PM

CVE-2021-36869

Reflected Cross-Site Scripting (XSS) vulnerability in WordPress Ivory Search plugin (versions <= 4.6.6). Vulnerable parameter:...

CVSS: 6.1, AI Score: 6, EPSS: 0.001

2021-10-21 09:15 PM

CVE-2021-38348

The Advance Search WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the wpas_id parameter found in the ~/inc/admin/views/html-advance-search-admin-options.php file which allows attackers to inject arbitrary web scripts, in versions up to and including...

CVSS: 6.1, AI Score: 6, EPSS: 0.001

2021-09-10 02:15 PM

CVE-2021-28000

A persistent cross-site scripting vulnerability was discovered in Local Services Search Engine Management System Project 1.0 which allows remote attackers to execute arbitrary code via crafted payloads entered into the Name and Address...

CVSS: 4.8, AI Score: 5.5, EPSS: 0.001

2021-08-19 02:39 PM

CVE-2020-36461

An issue was discovered in the noise_search crate through 2020-12-10 for Rust. There are unconditional implementations of Send and Sync for...

CVSS: 8.1, AI Score: 8, EPSS: 0.002

2021-08-08 06:15 AM

CVE-2021-20689

Cross-site scripting vulnerability in Yomi-Search Ver4.22 allows remote attackers to inject an arbitrary script via unspecified...

CVSS: 6.1, AI Score: 6.1, EPSS: 0.001

2021-04-07 08:15 AM

CVE-2021-20690

Cross-site scripting vulnerability in Yomi-Search Ver4.22 allows remote attackers to inject an arbitrary script via unspecified...

CVSS: 6.1, AI Score: 6.1, EPSS: 0.001

2021-04-07 08:15 AM

CVE-2021-20691

Cross-site scripting vulnerability in Yomi-Search Ver4.22 allows remote attackers to inject an arbitrary script via unspecified...

CVSS: 6.1, AI Score: 6.1, EPSS: 0.001

2021-04-07 08:15 AM

CVE-2021-3278

Local Service Search Engine Management System 1.0 has a vulnerability through authentication bypass using SQL injection. Using this vulnerability, an attacker can bypass the login...

CVSS: 9.8, AI Score: 10, EPSS: 0.017

2021-01-26 06:16 PM

CVE-2020-15517

The ke_search (aka Faceted Search) extension through 2.8.2, and 3.x through 3.1.3, for TYPO3 allows...

CVSS: 5.4, AI Score: 5.5, EPSS: 0.001

2020-07-07 02:15 PM

CVE-2020-12104

The Import feature in the wp-advanced-search plugin 3.3.6 for WordPress is vulnerable to authenticated SQL injection via an uploaded .sql file. An attacker can use this to execute SQL commands without any...

CVSS: 8.8, AI Score: 9, EPSS: 0.001

2020-05-05 03:15 PM

CVE-2020-12070

The Advanced Woo Search plugin version through 1.99 for WordPress suffers from a sensitive information disclosure vulnerability in every ajax search request via the sql field to...

CVSS: 7.5, AI Score: 7.1, EPSS: 0.003

2020-04-24 11:15 PM

CVE-2020-11548

The Search Meter plugin through 2.13.2 for WordPress allows user input introduced in the search bar to be any formula. The attacker could achieve remote code execution via CSV injection if a wp-admin/index.php?page=search-meter Export is...

CVSS: 9.8, AI Score: 9.8, EPSS: 0.043

2020-04-05 12:15 AM

CVE-2019-15895

search-exclude.php in the "Search Exclude" plugin before 1.2.4 for WordPress allows unauthenticated options...

CVSS: 7.5, AI Score: 7.6, EPSS: 0.001

2019-09-09 01:15 PM
Total number of security vulnerabilities: 80