852 matches found
CVE-2025-70060
An issue pertaining to CWE-79: Improper Neutralization of Input During Web Page Generation was discovered in YMFE yapi v1.12.0...
CVE-2025-70060
An issue pertaining to CWE-79: Improper Neutralization of Input During Web Page Generation was discovered in YMFE yapi v1.12.0...
CVE-2026-28103
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in LambertGroup LBG Zoominoutslider lbgzoominoutslider allows Reflected XSS.This issue affects LBG Zoominoutslider: from n/a through = 5.4.5...
CVE-2026-28122
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in CridioStudio ListingPro listingpro-plugin allows Reflected XSS.This issue affects ListingPro: from n/a through = 2.9.8...
CVE-2026-27352
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ThemeGoods Starto allows Reflected XSS.This issue affects Starto: from n/a before 2.2.5...
CVE-2026-22438
The CVE CVE-2026-22438 describes a reflected Cross‑Site Scripting vulnerability in the WordPress TheBi theme, affecting versions through 1.0.5. The issue arises from improper input neutralization during web page generation, enabling an attacker to craft a URL that, when visited by a user, execute...
PT-2026-23376
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in LambertGroup UberSlider MouseInteraction uberSlider mouseinteraction allows Reflected XSS.This issue affects UberSlider MouseInteraction: from n/a through = 2.3...
CVE-2025-14343 Reflected XSS in Dokuzsoft Technology's E-Commerce Product
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Dokuzsoft Technology Ltd. E-Commerce Product allows Reflected XSS. This issue affects E-Commerce Product: through 10122025...
CVE-2025-64999
Improper neutralization of input in Checkmk versions 2.4.0 before 2.4.0p22, and 2.3.0 before 2.3.0p43 allows an attacker that can manipulate a host's check output to inject malicious JavaScript into the Synthetic Monitoring HTML logs, which can then be accessed via a crafted phishing link...
CVE-2025-64999 Cross-site scripting in HTML logs of Synthetic Monitoring test services
Improper neutralization of input in Checkmk versions 2.4.0 before 2.4.0p22, and 2.3.0 before 2.3.0p43 allows an attacker that can manipulate a host's check output to inject malicious JavaScript into the Synthetic Monitoring HTML logs, which can then be accessed via a crafted phishing link...
CVE-2026-22357
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Spencer Haws Link Whisper Free link-whisper allows Reflected XSS.This issue affects Link Whisper Free: from n/a through = 0.9.2...
CVE-2024-56208
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in desertthemes NewsMash newsmash allows Stored XSS.This issue affects NewsMash: from n/a through = 1.0.71...
CVE-2025-69296
CVE-2025-69296 is a Reflected Cross-Site Scripting (XSS) vulnerability in the WordPress theme Aardvark (GhostPool Aardvark aardvark), affecting versions up to and including 4.6.3 . The root cause is improper input neutralization during web page generation, enabling an attacker to inject arbitrary...
PT-2026-21045
Name of the Vulnerable Software and Affected Versions FluentCart versions prior to 1.3.0 Description The software contains a flaw due to improper neutralization of input during web page generation, leading to a Reflected Cross-Site Scripting XSS condition. This allows an attacker to inject...
CVE-2026-27360
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in 10Web Photo Gallery by 10Web photo-gallery allows Stored XSS.This issue affects Photo Gallery by 10Web: from n/a through = 1.8.38...
CVE-2026-23861
Dell Unisphere for PowerMax vApp, versions 9.2.4.x, contains an Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to the execution of malicious HTML o...
CVE-2026-21516
Improper neutralization of special elements used in a command 'command injection' in Github Copilot allows an unauthorized attacker to execute code over a network...
EUVD-2026-5337
Improper Neutralization of Input During Web Page Generation "Cross-site Scripting" vulnerability in Drupal AT Internet Piano Analytics allows Cross-Site Scripting XSS.This issue affects AT Internet Piano Analytics: from 0.0.0 before 1.0.1, from 2.0.0 before 2.3.1...
CVE-2025-8589
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in AKCE Software Technology R Industry and Trade Inc. SKSPro allows Reflected XSS.This issue affects SKSPro: through 07012026...
CVE-2026-1819
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Karel Electronics Industry and Trade Inc. ViPort allows Stored XSS. This issue affects ViPort: through 23012026...