Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
autocomplete vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv3
CVE-2020-1769
In the login screens (in agent and customer interface), Username and Password fields use autocomplete, which might be considered as security issue. This issue affects: ((OTRS)) Community Edition: 5.0.41 and prior versions, 6.0.26 and prior versions. OTRS: 7.0.15 and prior version...
Otrs Otrs
Opensuse Leap 15.1
Opensuse Backports Sle 15.0
Opensuse Leap 15.2
5.4
CVSSv3
CVE-2023-35075
Mattermost fails to use innerText / textContent when setting the channel name in the webapp during autocomplete, allowing an malicious user to inject HTML to a victim's page by create a channel name that is valid HTML. No XSS is possible though.
Mattermost Mattermost
5.4
CVSSv3
CVE-2018-3781
A missing sanitization of search results for an autocomplete field in NextCloud Talk <3.2.5 could lead to a stored XSS requiring user-interaction. The missing sanitization only affected user names, hence malicious search results could only be crafted by authenticated users.
Nextcloud Talk
7.5
CVSSv3
CVE-2021-35527
Password autocomplete vulnerability in the web application password field of Hitachi ABB Power Grids eSOMS allows malicious user to gain access to user credentials that are stored by the browser. This issue affects: Hitachi ABB Power Grids eSOMS version 6.3 and prior versions.
Hitachienergy Esoms
NA
CVE-2014-4788
IBM Initiate Master Data Service 9.5 prior to 9.5.093013, 9.7 prior to 9.7.093013, 10.0 prior to 10.0.093013, and 10.1 prior to 10.1.093013 does not have an off autocomplete attribute for authentication fields, which makes it easier for remote malicious users to obtain access by ...
Ibm Initiate Master Data Service 10.1
Ibm Initiate Master Data Service 9.5
Ibm Initiate Master Data Service 9.7
Ibm Initiate Master Data Service 10.0
NA
CVE-2011-4757
Parallels Plesk Small Business Panel 10.2.0 generates a password form field without disabling the autocomplete feature, which makes it easier for remote malicious users to bypass authentication by leveraging an unattended workstation, as demonstrated by forms in smb/auth and cert...
Parallels Parallels Plesk Small Business Panel 10.2.0
NA
CVE-2011-4749
The billing system for Parallels Plesk Panel 10.3.1_build1013110726.09 generates a password form field without disabling the autocomplete feature, which makes it easier for remote malicious users to bypass authentication by leveraging an unattended workstation, as demonstrated by...
Parallels Parallels Plesk Panel 10.3.1 Build1013110726.09
NA
CVE-2011-4851
The Control Panel in Parallels Plesk Panel 10.4.4_build20111103.18 generates a password form field without disabling the autocomplete feature, which makes it easier for remote malicious users to bypass authentication by leveraging an unattended workstation, as demonstrated by for...
Parallels Parallels Plesk Panel 10.4.4 Build20111103.18
NA
CVE-2012-2298
Multiple cross-site scripting (XSS) vulnerabilities in the RealName module 6.x-1.x prior to 6.x-1.5 for Drupal allow remote malicious users to inject arbitrary web script or HTML via vectors related to (1) "user names in page titles" and (2) "autocomplete callbacks...
Nancy Wichmann Realname 6.x-1.0
Nancy Wichmann Realname 6.x-1.1
Nancy Wichmann Realname 6.x-1.3
Drupal Realname 6.x-1.2
Nancy Wichmann Realname 6.x-1.x
Nancy Wichmann Realname 6.x-1.2
Nancy Wichmann Realname 6.x-1.4
NA
CVE-2013-4091
The SecureSphere Operations Manager (SOM) Management Server in Imperva SecureSphere 9.0.0.5 does not have an off autocomplete attribute for the password (aka j_password) field on the secsphLogin.jsp login page, which makes it easier for remote malicious users to obtain access by ...
Imperva Securesphere 9.0.0.5
1 EDB exploit
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-5274
CVE-2024-35388
CVE-2024-35396
elevation of privilege
CVE-2021-47544
file upload
CVE-2021-47545
memory leak
CVE-2024-4956
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
2
3
4
5
6
7
8
9
10
NEXT »