CVE-2026-27332

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in skygroup Agrofood agrofood allows Reflected XSS.This issue affects Agrofood: from n/a through 1.4.0...

CVE-2026-22440

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in foreverpinetree Thecs thecs allows Reflected XSS.This issue affects Thecs: from n/a through = 1.4.7...

CVE-2026-28126

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Sizam RH Frontend Publishing Pro allows Reflected XSS.This issue affects RH Frontend Publishing Pro: from n/a before 4.3.4...

CVE-2026-28122

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in CridioStudio ListingPro listingpro-plugin allows Reflected XSS.This issue affects ListingPro: from n/a through = 2.9.8...

CVE-2026-28075 WordPress Porto theme <= 7.6.2 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in p-themes Porto porto allows Reflected XSS.This issue affects Porto: from n/a through = 7.6.2...

CVE-2026-27375

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in JanStudio Gecko gecko allows Reflected XSS.This issue affects Gecko: from n/a through = 1.9.8...

CVE-2026-27352

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ThemeGoods Starto allows Reflected XSS.This issue affects Starto: from n/a before 2.2.5...

CVE-2026-22438

The CVE CVE-2026-22438 describes a reflected Cross‑Site Scripting vulnerability in the WordPress TheBi theme, affecting versions through 1.0.5. The issue arises from improper input neutralization during web page generation, enabling an attacker to craft a URL that, when visited by a user, execute...

PT-2026-23187

Name of the Vulnerable Software and Affected Versions Thecs versions through 1.4.7 Description The software contains a flaw due to improper neutralization of input during web page generation, leading to a Reflected Cross-Site Scripting XSS condition. This allows an attacker to inject malicious...

PT-2026-23376

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in LambertGroup UberSlider MouseInteraction uberSlider mouseinteraction allows Reflected XSS.This issue affects UberSlider MouseInteraction: from n/a through = 2.3...

PT-2026-23384

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in LambertGroup LambertGroup - AllInOne - Banner with Playlist all-in-one-bannerWithPlaylist allows Reflected XSS.This issue affects LambertGroup - AllInOne - Banner with Playlist: from n/a through =...

PT-2026-23239

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ThemeGoods Starto starto allows Reflected XSS.This issue affects Starto: from n/a through = 2.1.9...

PT-2026-23375

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in LambertGroup UberSlider PerpetuumMobile uberSlider perpetuummobile allows Reflected XSS.This issue affects UberSlider PerpetuumMobile: from n/a through = 2.3...

PT-2026-22467

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Microchip TimePictra allows Query System for Information.This issue affects TimePictra: from 11.0 through 11.3 SP2...

CVE-2026-28083

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in UX-themes Flatsome flatsome allows Stored XSS.This issue affects Flatsome: from n/a through = 3.20.5...

Improper Neutralization of Input Used for LLM Prompting

Overview @n8n/n8n-nodes-langchain is a Affected versions of this package are vulnerable to Improper Neutralization of Input Used for LLM Prompting via the Guardrail node. An attacker can modify workflow input to circumvent intended restrictions by crafting specific input values. Workaround This...

EUVD-2025-208120

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Dokuzsoft Technology Ltd. E-Commerce Product allows Reflected XSS.This issue affects E-Commerce Product: through 10122025...

CVE-2025-14343 Reflected XSS in Dokuzsoft Technology's E-Commerce Product

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Dokuzsoft Technology Ltd. E-Commerce Product allows Reflected XSS. This issue affects E-Commerce Product: through 10122025...

CVE-2025-64999

Improper neutralization of input in Checkmk versions 2.4.0 before 2.4.0p22, and 2.3.0 before 2.3.0p43 allows an attacker that can manipulate a host's check output to inject malicious JavaScript into the Synthetic Monitoring HTML logs, which can then be accessed via a crafted phishing link...

CVE-2025-64999

Improper neutralization of input in Checkmk versions 2.4.0 before 2.4.0p22, and 2.3.0 before 2.3.0p43 allows an attacker that can manipulate a host's check output to inject malicious JavaScript into the Synthetic Monitoring HTML logs, which can then be accessed via a crafted phishing link...