autocomplete vulnerabilities and exploits
NA
CVE-2012-2298
Multiple cross-site scripting (XSS) vulnerabilities in the RealName module 6.x-1.x prior to 6.x-1.5 for Drupal allow remote malicious users to inject arbitrary web script or HTML via vectors related to (1) "user names in page titles" and (2) "autocomplete callbacks...
Drupal Realname 6.x-1.2
Nancy Wichmann Realname 6.x-1.0
Nancy Wichmann Realname 6.x-1.1
Nancy Wichmann Realname 6.x-1.2
Nancy Wichmann Realname 6.x-1.3
Nancy Wichmann Realname 6.x-1.4
Nancy Wichmann Realname 6.x-1.x
NA
CVE-2013-4091
The SecureSphere Operations Manager (SOM) Management Server in Imperva SecureSphere 9.0.0.5 does not have an off autocomplete attribute for the password (aka j_password) field on the secsphLogin.jsp login page, which makes it easier for remote malicious users to obtain access by ...
Imperva Securesphere 9.0.0.5
1 EDB exploit
NA
CVE-2010-2353
The Node Reference module in Content Construction Kit (CCK) module 6.x prior to 6.x-2.7 for Drupal does not perform access checks for the source field in the backend URL for the autocomplete widget, which allows remote malicious users to discover titles and IDs of controlled node...
Yves Chedemois Cck 6.x-1.0-alpha
Yves Chedemois Cck 6.x-1.x-dev
Yves Chedemois Cck 6.x-2.0
Yves Chedemois Cck 6.x-2.1
Yves Chedemois Cck 6.x-2.2
Yves Chedemois Cck 6.x-2.3
Yves Chedemois Cck 6.x-2.4
Yves Chedemois Cck 6.x-2.5
Yves Chedemois Cck 6.x-2.6
Yves Chedemois Cck 6.x-2.x-dev
Yves Chedemois Cck 6.x-3.x-dev
NA
CVE-2011-4739
The Control Panel in Parallels Plesk Panel 10.2.0 build 20110407.20 generates a password form field without disabling the autocomplete feature, which makes it easier for remote malicious users to bypass authentication by leveraging an unattended workstation, as demonstrated by fo...
Parallels Parallels Plesk Panel 10.2.0 Build20110407.20
4.8
CVSSv3
CVE-2018-3764
In Nextcloud Contacts prior to 2.1.2, a missing sanitization of search results for an autocomplete field could lead to a stored XSS requiring user-interaction. The missing sanitization only affected group names, hence malicious search results could only be crafted by privileged u...
Nextcloud Contacts
NA
CVE-2011-2759
The login page of IDSWebApp in the Web Administration Tool in IBM Tivoli Directory Server (TDS) 6.2 prior to 6.2.0.3-TIV-ITDS-IF0004 does not have an off autocomplete attribute for authentication fields, which makes it easier for remote malicious users to obtain access by leverag...
Ibm Tivoli Directory Server 6.2.0.0
Ibm Tivoli Directory Server 6.2.0.1
Ibm Tivoli Directory Server 6.2.0.2
Ibm Tivoli Directory Server 6.2
NA
CVE-2015-4375
The Chaos tool suite (ctools) module 7.x-1.x prior to 7.x-1.7 for Drupal allows remote malicious users to obtain sensitive node titles via (1) an autocomplete search on custom entities without an access query tag or (2) leveraging knowledge of the ID of an entity.
Chaos Tool Suite Project Ctools 7.x-1.0
Chaos Tool Suite Project Ctools 7.x-1.1
Chaos Tool Suite Project Ctools 7.x-1.6
Chaos Tool Suite Project Ctools 7.x-1.3
Chaos Tool Suite Project Ctools 7.x-1.4
Chaos Tool Suite Project Ctools 7.x-1.2
Chaos Tool Suite Project Ctools 7.x-1.5
NA
CVE-2012-6662
Cross-site scripting (XSS) vulnerability in the default content option in jquery.ui.tooltip.js in the Tooltip widget in jQuery UI prior to 1.10.0 allows remote malicious users to inject arbitrary web script or HTML via the title attribute, which is not properly handled in the aut...
Redhat Enterprise Linux Desktop 7.0
Redhat Enterprise Linux Workstation 7.0
Redhat Enterprise Linux Server 7.0
Redhat Enterprise Linux Hpc Node 7.0
Jqueryui Jquery Ui 1.10.0
NA
CVE-2011-4730
The Server Administration Panel in Parallels Plesk Panel 10.2.0_build1011110331.18 generates a password form field without disabling the autocomplete feature, which makes it easier for remote malicious users to bypass authentication by leveraging an unattended workstation, as dem...
Parallels Parallels Plesk Panel 10.2.0 Build1011110331.18
4.8
CVSSv3
CVE-2018-3763
In Nextcloud Calendar prior to 1.5.8 and 1.6.1, a missing sanitization of search results for an autocomplete field could lead to a stored XSS requiring user-interaction. The missing sanitization only affected group names, hence malicious search results could only be crafted by pr...
Nextcloud Calendar
Nextcloud Calendar 1.6.0