Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
search autocomplete project search autocomplete vulnerabilities and exploits
(subscribe to this query)
187
VMScore
CVE-2015-6752
Cross-site scripting (XSS) vulnerability in the Search API Autocomplete module 7.x-1.x prior to 7.x-1.3 for Drupal, when the search index is configured to use the HTML filter processor, allows remote authenticated users with certain permissions to inject arbitrary web script or H...
Search Api Autocomplete Project Search Api Autocomplete 7.x-1.0
Search Api Autocomplete Project Search Api Autocomplete 7.x-1.2
Search Api Autocomplete Project Search Api Autocomplete 7.x-1.1
383
VMScore
CVE-2018-7603
In Drupal's 3rd party module search auto complete prior to versions 7.x-4.8 there is a Cross Site Scripting vulnerability. This Search Autocomplete module enables you to autocomplete textfield using data from your website (nodes, comments, etc.). The module doesn't suff...
Search Autocomplete Project Search Autocomplete
383
VMScore
CVE-2015-4375
The Chaos tool suite (ctools) module 7.x-1.x prior to 7.x-1.7 for Drupal allows remote malicious users to obtain sensitive node titles via (1) an autocomplete search on custom entities without an access query tag or (2) leveraging knowledge of the ID of an entity.
Chaos Tool Suite Project Ctools 7.x-1.6
Chaos Tool Suite Project Ctools 7.x-1.1
Chaos Tool Suite Project Ctools 7.x-1.0
Chaos Tool Suite Project Ctools 7.x-1.4
Chaos Tool Suite Project Ctools 7.x-1.2
Chaos Tool Suite Project Ctools 7.x-1.5
Chaos Tool Suite Project Ctools 7.x-1.3
605
VMScore
CVE-2019-15701
components/Modals/HelpModal.jsx in BloodHound 2.2.0 allows remote malicious users to execute arbitrary OS commands (by spawning a child process as the current user on the victim's machine) when the search function's autocomplete feature is used. The victim must import d...
Bloodhound Project Bloodhound 2.2.0
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-23316
SQL injection
type confusion
CVE-2024-20697
CVE-2024-4344
local
CVE-2024-30043
CVE-2024-3821
CVE-2024-5041
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started