Vulmon
autocomplete vulnerabilities and exploits
4.3
CVSSv2
CVE-2010-4569
Cross-site scripting (XSS) vulnerability in Bugzilla 3.7.1, 3.7.2, 3.7.3, and 4.0rc1 allows remote malicious users to inject arbitrary web script or HTML via the real name field of a user account, related to the AutoComplete widget in YUI.
Mozilla Bugzilla 3.7.1
Mozilla Bugzilla 3.7.2
Mozilla Bugzilla 3.7.3
Mozilla Bugzilla 4.0
5
CVSSv2
CVE-2009-4520
The CCK Comment Reference module 5.x prior to 5.x-1.2 and 6.x prior to 6.x-1.3, a module for Drupal, allows remote malicious users to bypass intended access restrictions and read comments by using the autocomplete path.
Kristof De Jaeger Commentreference
Kristof De Jaeger Commentreference 5.x-1.x-dev
Kristof De Jaeger Commentreference 6.x-1.1
Kristof De Jaeger Commentreference 6.x-1.0
Kristof De Jaeger Commentreference 6.x-1.x-dev
Kristof De Jaeger Commentreference 5.x-1.0
5
CVSSv2
CVE-2005-0589
The Form Fill feature in Firefox prior to 1.0.1 allows remote malicious users to steal potentially sensitive information via an input control that monitors the values that are generated by the autocomplete capability.
Mozilla Firefox 0.9.1
Mozilla Firefox 0.9.2
Mozilla Firefox 0.10
Mozilla Firefox 0.10.1
Mozilla Firefox 1.0
Mozilla Firefox 0.8
Mozilla Firefox 0.9
Mozilla Firefox 0.9.3
2.1
CVSSv2
CVE-2021-34560
In PEPPERL+FUCHS WirelessHART-Gateway <= 3.0.9 a form contains a password field with autocomplete enabled. The stored credentials can be captured by an attacker who gains control over the user's computer. Therefore the user must have logged in at least once.
Pepperl-fuchs Wha-gw-f2d2-0-as-z2-eth Firmware
Pepperl-fuchs Wha-gw-f2d2-0-as-z2-eth.eip Firmware
NA
CVE-2023-35075
Mattermost fails to use innerText / textContent when setting the channel name in the webapp during autocomplete, allowing a malicious user to inject HTML into a victim's page by creating a channel name that is valid HTML. No XSS is possible though.
Mattermost Mattermost
2.1
CVSSv2
CVE-2019-4444
IBM API Connect 2018.1 up to and including 2018.4.1.7 Developer Portal's user registration page does not disable password autocomplete. An attacker with access to the browser instance and local system credentials can steal the credentials used for registration. IBM X-Force I...
Ibm Api Connect
1.9
CVSSv2
CVE-2014-4450
The QuickType feature in the Keyboards subsystem in Apple iOS prior to 8.1 collects typing-prediction data from fields with an off autocomplete attribute, which makes it easier for malicious users to discover credentials by reading credential values within unintended DOM input el...
Apple Iphone Os
4
CVSSv2
CVE-2020-1769
In the login screens (in agent and customer interface), Username and Password fields use autocomplete, which might be considered as a security issue. This issue affects: ((OTRS)) Community Edition: 5.0.41 and prior versions, 6.0.26 and prior versions. OTRS: 7.0.15 and prior version...
Otrs Otrs
Opensuse Leap 15.1
Opensuse Backports Sle 15.0
Opensuse Leap 15.2
7.5
CVSSv2
CVE-2013-6742
The Meeting Server in IBM Sametime 8.5.2 up to and including 8.5.2.1 and 9.x up to and including 9.0.0.1 does not have an off autocomplete attribute for a password field, which makes it easier for remote malicious users to obtain access by leveraging an unattended workstation.
Ibm Sametime 8.5.2.1
Ibm Sametime 9.0.0.0
Ibm Sametime 9.0.0.1
Ibm Sametime 8.5.2.0
5
CVSSv2
CVE-2012-4471
The Search Autocomplete module 7.x-2.x prior to 7.x-2.4 for Drupal does not properly restrict access to the module admin page, which allows remote malicious users to disable an autocompletion or change the priority order via unspecified vectors.
Dominique Clause Search Autocomplete 7.x-2.3
Dominique Clause Search Autocomplete 7.x-2.x
Dominique Clause Search Autocomplete 7.x-2.1
Dominique Clause Search Autocomplete 7.x-2.0