CVE-2026-50235

Lyrion Music Server 9.2.0 contains a reflected cross-site scripting vulnerability in advanced search parameters that fail to properly sanitize user input before displaying it in search forms. Attackers can inject malicious scripts through unfiltered search parameters to execute arbitrary JavaScri...

WordPress Yuzo <5.12.94 - Cross-Site Scripting

WordPress Yuzo Related Posts plugin before 5.12.94 is vulnerable to cross-site scripting because it mistakenly expects that isadmin verifies that the request comes from an admin user it actually only verifies that the request is for an admin page. An unauthenticated attacker can consequently inje...

eShop 3.0.4 - Cross-Site Scripting

eShop 3.0.4 contains a reflected cross-site scripting vulnerability in json search parse and json response in wrteam.in. id: CVE-2022-35493 info: name: eShop 3.0.4 - Cross-Site Scripting author: arafatansari severity: medium description: | eShop 3.0.4 contains a reflected cross-site scripting...

mooSocial v.3.1.8 - Cross-Site Scripting

Cross-Site Scripting XSS vulnerability in mooSocial v.3.1.8 allows a remote attacker to execute arbitrary code via a crafted payload to the mode parameter of the invite friend login function. id: CVE-2023-44813 info: name: mooSocial v.3.1.8 - Cross-Site Scripting author: ritikchaddha severity:...

Academy LMS 6.0 - Cross-Site Scripting

Creative Item Academy LMS 6.0 was discovered to contain a cross-site scripting XSS vulnerability through query parameter. id: CVE-2023-38964 info: name: Academy LMS 6.0 - Cross-Site Scripting author: ritikchaddha severity: medium description: | Creative Item Academy LMS 6.0 was discovered to...

WBCE CMS v1.5.4 - Cross Site Scripting (Stored)

A cross-site scripting XSS vulnerability in /admin/users/index.php of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Display Name field. id: CVE-2022-45037 info: name: WBCE CMS v1.5.4 - Cross Site Scripting Stored author:...

Rukovoditel <= 3.2.1 - Cross Site Scripting

A stored cross-site scripting XSS vulnerability in the Dashboard Configuration feature index.php?module=dashboardconfigure/index of Rukovoditel v3.2.1 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title parameter after clicking "Ad...

WBCE CMS v1.5.4 - Cross Site Scripting (Stored)

A cross-site scripting XSS vulnerability in /admin/settings/save.php of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Website Footer field. id: CVE-2022-45038 info: name: WBCE CMS v1.5.4 - Cross Site Scripting Stored author:...

Haraj 3.7 - Cross-Site Scripting

Haraj 3.7 contains a cross-site scripting vulnerability in the User Upgrade Form. An attacker can inject malicious script and thus steal authentication credentials and launch other attacks. id: CVE-2022-31299 info: name: Haraj 3.7 - Cross-Site Scripting author: edoardottt severity: medium...

HotelDruid Hotel Management Software 3.0.3 - Cross-Site Scripting

HotelDruid Hotel Management Software 3.0.3 contains a cross-site scripting vulnerability via the prezzoperiodo4 parameter in creaprezzi.php. id: CVE-2022-26564 info: name: HotelDruid Hotel Management Software 3.0.3 - Cross-Site Scripting author: alexrydzak severity: medium description: | HotelDru...

Hoteldruid 3.0.5 - Cross-Site Scripting

A Reflected XSS was discovered in HotelDruid version 3.0.5, an attacker can issue malicious code/command on affected webpage's parameter to trick user on browser and/or exfiltrate data. id: CVE-2023-34537 info: name: Hoteldruid 3.0.5 - Cross-Site Scripting author: Harsh severity: medium...

ChurchCRM 4.5.3 - Cross-Site Scripting

A stored Cross-site scripting XSS vulnerability in ChurchCRM 4.5.3 allows remote attackers to inject arbitrary web script or HTML via the NoteEditor.php. id: CVE-2023-26843 info: name: ChurchCRM 4.5.3 - Cross-Site Scripting author: Harsh severity: medium description: | A stored Cross-site scripti...

ChurchCRM 4.5.3 - Cross-Site Scripting

A reflected cross-site scripting XSS vulnerability in ChurchCRM 4.5.3 allows remote attackers to inject arbitrary web script or HTML via the id parameter of /churchcrm/v2/family/not-found. id: CVE-2023-25346 info: name: ChurchCRM 4.5.3 - Cross-Site Scripting author: Harsh severity: medium...

WordPress Goto Tour & Travel Theme <2.0 - Cross-Site Scripting

WordPress Goto Tour & Travel theme before 2.0 contains an unauthenticated reflected cross-site scripting vulnerability. It does not sanitize the keywords and startdate GET parameters on its Tour List page. id: CVE-2021-24235 info: name: WordPress Goto Tour & Travel Theme =2.0 to mitigate the XSS...

WordPress Checklist <1.1.9 - Cross-Site Scripting

WordPress Checklist plugin before 1.1.9 contains a cross-site scripting vulnerability. The fill parameter is not correctly filtered in the checklist-icon.php file. id: CVE-2019-16525 info: name: WordPress Checklist 1.1.9 - Cross-Site Scripting author: daffainfo severity: medium description:...

MindPalette NateMail 3.0.15 - Cross-Site Scripting

MindPalette NateMail 3.0.15 is susceptible to reflected cross-site scripting which could allows an attacker to execute remote JavaScript in a victim's browser via a specially crafted POST request. The application will reflect the recipient value if it is not in the NateMail recipient array. Note...

Seo Panel 4.8.0 - Cross-Site Scripting

Seo Panel 4.8.0 contains a reflected cross-site scripting vulnerability via the seo/seopanel/login.php?sec=forgot email parameter. id: CVE-2021-3002 info: name: Seo Panel 4.8.0 - Cross-Site Scripting author: edoardottt severity: medium description: Seo Panel 4.8.0 contains a reflected cross-site...

Rukovoditel <= 2.7.2 - Cross Site Scripting

A stored cross site scripting XSS vulnerability in the 'Users Access Groups' feature of Rukovoditel 2.7.2 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the 'Name' parameter. id: CVE-2020-35986 info: name: Rukovoditel = 2.7.2 - Cross Sit...

Rukovoditel <= 2.7.2 - Cross Site Scripting

A stored cross site scripting XSS vulnerability in the 'Users Alerts' feature of Rukovoditel 2.7.2 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the 'Title' parameter. id: CVE-2020-35984 info: name: Rukovoditel = 2.7.2 - Cross Site...

Spotweb <= 1.5.1 - Cross Site Scripting

Cross-site scripting XSS vulnerability in templates/installer/step-004.inc.php in spotweb 1.5.1 and below allow remote attackers to inject arbitrary web script or HTML via the lastname parameter. id: CVE-2021-40973 info: name: Spotweb = 1.5.1 - Cross Site Scripting author: theamanrawat severity:...