Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
autocomplete vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv2
CVE-2012-0323
Cross-site scripting (XSS) vulnerability in the Autocomplete plugin prior to 3.0 for SquirrelMail allows remote malicious users to inject arbitrary web script or HTML via unspecified vectors.
Paul Lesniewsk Autocomplete 2.0
Paul Lesniewsk Autocomplete 1.3
Paul Lesniewsk Autocomplete 1.2
Paul Lesniewsk Autocomplete 1.1
Paul Lesniewsk Autocomplete 1.0
Paul Lesniewsk Autocomplete
7.5
CVSSv2
CVE-2014-5250
Unspecified vulnerability in the AJAX autocompletion callback in the Biblio Autocomplete module 6.x-1.x prior to 6.x-1.1 and 7.x-1.x prior to 7.x-1.5 for Drupal allows remote malicious users to access data via unspecified vectors.
Biblio Autocomplete Project Biblio Autocomplete 6.x-1.0
Biblio Autocomplete Project Biblio Autocomplete 7.x-1.3
Biblio Autocomplete Project Biblio Autocomplete 7.x-1.2
Biblio Autocomplete Project Biblio Autocomplete 7.x-1.1
Biblio Autocomplete Project Biblio Autocomplete 7.x-1.0
Biblio Autocomplete Project Biblio Autocomplete 7.x-1.4
Biblio Autocomplete Project Biblio Autocomplete 7.x-1.x
Biblio Autocomplete Project Biblio Autocomplete 6.x-1.x
7.5
CVSSv2
CVE-2014-5249
SQL injection vulnerability in the "Biblio self autocomplete" submodule in the Biblio Autocomplete module 6.x-1.x prior to 6.x-1.1 and 7.x-1.x prior to 7.x-1.5 for Drupal allows remote malicious users to execute arbitrary SQL commands via unspecified vectors.
Biblio Autocomplete Project Biblio Autocomplete 7.x-1.2
Biblio Autocomplete Project Biblio Autocomplete 7.x-1.1
Biblio Autocomplete Project Biblio Autocomplete 7.x-1.4
Biblio Autocomplete Project Biblio Autocomplete 7.x-1.3
Biblio Autocomplete Project Biblio Autocomplete 7.x-1.0
Biblio Autocomplete Project Biblio Autocomplete 7.x-1.x
Biblio Autocomplete Project Biblio Autocomplete 6.x-1.0
Biblio Autocomplete Project Biblio Autocomplete 6.x-1.x
4
CVSSv2
CVE-2013-1973
The autocomplete callback in Autocomplete Widgets for Text and Number Fields (autocomplete_widgets) module 6.x-1.x prior to 6.x-1.4 and 7.x-1.x prior to 7.x-1.0-rc1 does not properly handle node permissions, which allows remote authenticated users to obtain sensitive field values...
Autocomplete Widgets Project Autocomplete Widgets 7.x-1.x
Autocomplete Widgets Project Autocomplete Widgets 6.x-1.1
Autocomplete Widgets Project Autocomplete Widgets 6.x-1.2
Autocomplete Widgets Project Autocomplete Widgets 6.x-1.3
Autocomplete Widgets Project Autocomplete Widgets 6.x-1.0
2.1
CVSSv2
CVE-2015-6752
Cross-site scripting (XSS) vulnerability in the Search API Autocomplete module 7.x-1.x prior to 7.x-1.3 for Drupal, when the search index is configured to use the HTML filter processor, allows remote authenticated users with certain permissions to inject arbitrary web script or H...
Search Api Autocomplete Project Search Api Autocomplete 7.x-1.0
Search Api Autocomplete Project Search Api Autocomplete 7.x-1.2
Search Api Autocomplete Project Search Api Autocomplete 7.x-1.1
4.3
CVSSv2
CVE-2018-7603
In Drupal's 3rd party module search auto complete prior to versions 7.x-4.8 there is a Cross Site Scripting vulnerability. This Search Autocomplete module enables you to autocomplete textfield using data from your website (nodes, comments, etc.). The module doesn't suff...
Search Autocomplete Project Search Autocomplete
NA
CVE-2023-41336
ux-autocomplete is a JavaScript Autocomplete functionality for Symfony. Under certain circumstances, an attacker could successfully submit an entity id for an `EntityType` that is *not* part of the valid choices. The problem has been fixed in `symfony/ux-autocomplete` version 2.1...
Symfony Ux Autocomplete
3.5
CVSSv2
CVE-2022-30961
Jenkins Autocomplete Parameter Plugin 1.1 and previous versions does not escape the name of Dropdown Autocomplete and Auto Complete String parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/...
Jenkins Autocomplete Parameter
6.8
CVSSv2
CVE-2022-30969
A cross-site request forgery (CSRF) vulnerability in Jenkins Autocomplete Parameter Plugin 1.1 and previous versions allows malicious users to execute arbitrary code without sandbox protection if the victim is an administrator.
Jenkins Autocomplete Parameter
3.5
CVSSv2
CVE-2022-30970
Jenkins Autocomplete Parameter Plugin 1.1 and previous versions references Dropdown Autocomplete parameter and Auto Complete String parameter names in an unsafe manner from Javascript embedded in view definitions, resulting in a stored cross-site scripting (XSS) vulnerability exp...
Jenkins Autocomplete Parameter
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-7028
memory leak
log injection
CVE-2024-3400
CVE-2022-48695
CVE-2022-48675
CVE-2024-34487
CVE-2024-33792
spoof
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »