Dataparksearch ≫ Dataparksearch

SQL injection vulnerability in DataparkSearch Engine 4.42 and earlier allows remote attackers to execute arbitrary SQL commands via a malformed hostname in a URL.

Cross-site scripting (XSS) vulnerability in DataparkSearch before 4.37 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.