Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
search autocomplete project search autocomplete vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2015-6752
Cross-site scripting (XSS) vulnerability in the Search API Autocomplete module 7.x-1.x prior to 7.x-1.3 for Drupal, when the search index is configured to use the HTML filter processor, allows remote authenticated users with certain permissions to inject arbitrary web script or H...
Search Api Autocomplete Project Search Api Autocomplete 7.x-1.0
Search Api Autocomplete Project Search Api Autocomplete 7.x-1.2
Search Api Autocomplete Project Search Api Autocomplete 7.x-1.1
6.1
CVSSv3
CVE-2018-7603
In Drupal's 3rd party module search auto complete prior to versions 7.x-4.8 there is a Cross Site Scripting vulnerability. This Search Autocomplete module enables you to autocomplete textfield using data from your website (nodes, comments, etc.). The module doesn't suff...
Search Autocomplete Project Search Autocomplete
NA
CVE-2015-4375
The Chaos tool suite (ctools) module 7.x-1.x prior to 7.x-1.7 for Drupal allows remote malicious users to obtain sensitive node titles via (1) an autocomplete search on custom entities without an access query tag or (2) leveraging knowledge of the ID of an entity.
Chaos Tool Suite Project Ctools 7.x-1.6
Chaos Tool Suite Project Ctools 7.x-1.1
Chaos Tool Suite Project Ctools 7.x-1.0
Chaos Tool Suite Project Ctools 7.x-1.4
Chaos Tool Suite Project Ctools 7.x-1.2
Chaos Tool Suite Project Ctools 7.x-1.5
Chaos Tool Suite Project Ctools 7.x-1.3
8.8
CVSSv3
CVE-2019-15701
components/Modals/HelpModal.jsx in BloodHound 2.2.0 allows remote malicious users to execute arbitrary OS commands (by spawning a child process as the current user on the victim's machine) when the search function's autocomplete feature is used. The victim must import d...
Bloodhound Project Bloodhound 2.2.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-7028
memory leak
log injection
CVE-2024-3400
CVE-2022-48695
CVE-2022-48675
CVE-2024-34487
CVE-2024-33792
spoof
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started