Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
autocomplete vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2022-4297
The WP AutoComplete Search WordPress plugin up to and including 1.0.4 does not sanitise and escape a parameter before using it in a SQL statement via an AJAX available to unauthenticated users, leading to an unauthenticated SQL injection
Netflixtech Wp Autocomplete Search
4.8
CVSSv3
CVE-2023-5005
The Autocomplete Location field Contact Form 7 WordPress plugin prior to 3.0, autocomplete-location-field-contact-form-7-pro WordPress plugin prior to 2.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cro...
Codesmade Autocomplete Location Field Contact Form 7
NA
CVE-2007-2869
The form autocomplete feature in Mozilla Firefox 1.5.x prior to 1.5.0.12, 2.x prior to 2.0.0.4, and possibly earlier versions, allows remote malicious users to cause a denial of service (persistent temporary CPU consumption) via a large number of characters in a submitted form.
Mozilla Firefox 1.5
Mozilla Firefox 1.5.0.1
Mozilla Firefox 1.5.0.7
Mozilla Firefox 1.5.0.8
Mozilla Firefox 1.5.0.5
Mozilla Firefox 1.5.0.6
Mozilla Firefox 2.0.0.3
Mozilla Firefox 1.5.0.3
Mozilla Firefox 1.5.0.4
Mozilla Firefox 2.0.0.1
Mozilla Firefox 2.0.0.2
Mozilla Firefox 1.5.0.10
Mozilla Firefox 1.5.0.11
Mozilla Firefox 1.5.0.2
Mozilla Firefox 1.5.0.9
Mozilla Firefox 2.0
NA
CVE-2015-0822
The Form Autocompletion feature in Mozilla Firefox prior to 36.0, Firefox ESR 31.x prior to 31.5, and Thunderbird prior to 31.5 allows remote malicious users to read arbitrary files via crafted JavaScript code.
Mozilla Firefox 32.0
Mozilla Firefox 31.1.0
Mozilla Firefox 3.6.4
Mozilla Firefox 3.6.3
Mozilla Firefox 3.6.22
Mozilla Firefox 3.6.21
Mozilla Firefox 3.6.14
Mozilla Firefox 3.6.13
Mozilla Firefox 3.5.7
Mozilla Firefox 3.5.6
Mozilla Firefox 3.5.17
Mozilla Firefox 3.5.16
Mozilla Firefox 3.5
Mozilla Firefox 3.0.9
Mozilla Firefox 3.0.2
Mozilla Firefox
Mozilla Firefox 3.6.9
Mozilla Firefox 3.6.8
Mozilla Firefox 3.6.26
Mozilla Firefox 3.6.25
Mozilla Firefox 3.6.18
Mozilla Firefox 3.6.17
NA
CVE-2010-0808
Microsoft Internet Explorer 6 and 7 on Windows XP and Vista does not prevent script from simulating user interaction with the AutoComplete feature, which allows remote malicious users to obtain sensitive form information via a crafted web site, aka "AutoComplete Information ...
Microsoft Internet Explorer 6
Microsoft Internet Explorer 7
NA
CVE-2009-4197
rpwizPppoe.htm in Huawei MT882 V100R002B020 ARG-T running firmware 3.7.9.98 contains a form that does not disable the autocomplete setting for the password parameter, which makes it easier for local users or physically proximate malicious users to obtain the password from web bro...
Huawei Mt882 Modem Firmware 3.7.9.98
Huawei Mt882 Modem V100r002b020 Arg-t
1 EDB exploit
NA
CVE-2012-6573
Cross-site scripting (XSS) vulnerability in the Apache Solr Autocomplete module 6.x-1.x prior to 6.x-1.4 and 7.x-1.x prior to 7.x-1.3 for Drupal allows remote malicious users to inject arbitrary web script or HTML via vectors involving autocomplete results.
Alejandro Garza Apachesolr Autocomplete 6.x-1.3
Alejandro Garza Apachesolr Autocomplete 6.x-1.x
Alejandro Garza Apachesolr Autocomplete 7.x-1.x
Alejandro Garza Apachesolr Autocomplete 6.x-1.0
Alejandro Garza Apachesolr Autocomplete 6.x-1.1
Alejandro Garza Apachesolr Autocomplete 6.x-1.2
Alejandro Garza Apachesolr Autocomplete 7.x-1.0
Alejandro Garza Apachesolr Autocomplete 7.x-1.1
Alejandro Garza Apachesolr Autocomplete 7.x-1.2
6.1
CVSSv3
CVE-2019-11003
In Materialize up to and including 1.0.0, XSS is possible via the Autocomplete feature.
Materializecss Materialize
NA
CVE-2015-2767
Unspecified vulnerability in Websense TRITON AP-EMAIL prior to 8.0.0 has unknown impact and attack vectors, related to "Autocomplete Enabled."
Websense Triton Ap Email
5.3
CVSSv3
CVE-2016-4947
Cloudera HUE 3.9.0 and previous versions allows remote malicious users to enumerate user accounts via a request to desktop/api/users/autocomplete.
Cloudera Hue
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-7028
memory leak
log injection
CVE-2024-3400
CVE-2022-48695
CVE-2022-48675
CVE-2024-34487
CVE-2024-33792
spoof
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »