83 matches found

Github Security Blog
added 2025/11/20 3:30 p.m., 5 views

phppgadmin vulnerable to Cross-site Scripting

phpPgAdmin versions 7.13.0 and earlier contain multiple cross-site scripting (XSS) vulnerabilities across various components. User-supplied inputs from $_REQUEST parameters are reflected in HTML output without proper encoding or sanitization in multiple locations including sequences.php, indexes.php...

CVSS 6.1, AI score 6.4, EPSS 0.00037
Exploits 0, References 6, Affected Software 1

OSV
added 2025/11/20 3:17 p.m., 3 views

CVE-2025-60796

phpPgAdmin 7.13.0 and earlier contains multiple cross-site scripting (XSS) vulnerabilities across various components. User-supplied input from $_REQUEST parameters is reflected in HTML output without proper encoding or sanitization in multiple locations including sequences.php, indexes.php, admin.ph...

CVSS 6.1, AI score 6.2, EPSS 0.00037
Exploits 0, References 4

OSV
added 2025/11/20 3:17 p.m., 5 views

DEBIAN-CVE-2025-60796

phpPgAdmin 7.13.0 and earlier contains multiple cross-site scripting (XSS) vulnerabilities across various components. User-supplied input from $_REQUEST parameters is reflected in HTML output without proper encoding or sanitization in multiple locations including sequences.php, indexes.php, admin.ph...

CVSS 6.1, AI score 5.6, EPSS 0.00037
Exploits 0, References 1

Vulnrichment
added 2025/11/20 12:0 a.m., 0 views

CVE-2025-60796

phpPgAdmin 7.13.0 and earlier contains multiple cross-site scripting (XSS) vulnerabilities across various components. User-supplied input from $_REQUEST parameters is reflected in HTML output without proper encoding or sanitization in multiple locations including sequences.php, indexes.php, admin.ph...

AI score 6, EPSS 0.00037
Exploits 0, References 4

CVE
added 2025/11/20 12:0 a.m., 11 views

CVE-2025-60796

CVE-2025-60796 affects phpPgAdmin 7.13.0 and earlier, with multiple reflected XSS vulnerabilities across components (e.g., sequences.php, indexes.php, admin.php, and other files). User input from $_REQUEST is echoed into HTML without proper encoding or sanitization, enabling attackers to execute ...

CVSS 6.1, AI score 6, EPSS 0.00037
Exploits 0, References 4, Affected Software 1

OSV
added 2025/11/18 6:21 p.m., 3 views

GHSA-J8CQ-7F6P-256X LibreNMS vulnerable to Reflected Cross-Site Scripting (XSS) in endpoint `/maps/nodeimage` parameter `Image Name`

Summary: A Reflected Cross-Site Scripting (XSS) vulnerability was identified in the LibreNMS application at the /maps/nodeimage endpoint. The Image Name parameter is reflected in the HTTP response without proper output encoding or sanitization, allowing an attacker to craft a URL that, when visited ...

CVSS 6.2, AI score 5.5, EPSS 0.00002
Exploits 0, References 3

CVE
added 2025/10/22 2:32 p.m., 6 views

CVE-2025-58971

CVE-2025-58971 describes a Reflected Cross-Site Scripting (XSS) vulnerability in the WordPress Doctreat theme, affected versions

CVSS 7.1, AI score 6, EPSS 0.0003
Exploits 0, References 1

CNNVD
added 2025/10/20 12:0 a.m., 1 views

E-commerce security vulnerability

E-commerce is a dynamic e-commerce website by the individual developer Bhabishya Ghimire. A security vulnerability exists in E-commerce version 1.0, which stems from the /search parameter not sanitizing input before it is reflected directly back into the response HTML, which could lead to a cross-site...

CVSS 6.1, AI score 6, EPSS 0.00032
Exploits 0, References 2

EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2019-8613

Malware in sbrugna...

CVSS 5.5, AI score 5.3, EPSS 0.00071
Exploits 0, References 2

EUVD
added 2025/10/07 12:30 a.m., 1 views

EUVD-2020-26888

Malware in sbrugna...

CVSS 6.1, AI score 6.3, EPSS 0.00328
Exploits 1, References 2

EUVD
added 2025/10/03 8:7 p.m., 3 views

EUVD-2025-26062

Malicious code in bioql PyPI...

CVSS 5.4, AI score 6.6, EPSS 0.00067
Exploits 1, References 1

Cvelist
added 2025/09/09 4:25 p.m., 9 views

CVE-2025-47694 WordPress Blog Designer PRO plugin <= 3.4.7 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in solwin Blog Designer PRO (blog-designer-pro). This issue affects Blog Designer PRO: from n/a through <= 3.4.7...

CVSS 7.1, EPSS 0.00047
Exploits 0, References 1

Github Security Blog
added 2025/09/03 10:18 p.m., 5 views

Mautic vulnerable to reflected XSS in lead:addLeadTags - Quick Add

Summary: A Cross-Site Scripting (XSS) vulnerability allows an attacker to execute arbitrary JavaScript in the context of another user’s session. This occurs because user-supplied input is reflected back in the server’s response without proper sanitization or escaping, potentially enabling malicious...

CVSS 4.8, AI score 5.9, EPSS 0.00088
Exploits 0, References 3, Affected Software 1

Vulnrichment
added 2025/09/03 2:33 p.m., 1 views

CVE-2025-9823 Reflected XSS in lead:addLeadTags - Quick Add

Summary: A Cross-Site Scripting (XSS) vulnerability allows an attacker to execute arbitrary JavaScript in the context of another user’s session. This occurs because user-supplied input is reflected back in the server’s response without proper sanitization or escaping, potentially enabling malicious...

CVSS 4.8, AI score 5.1, EPSS 0.00088
Exploits 0, References 1

CNNVD
added 2025/09/03 12:0 a.m., 2 views

Mautic security vulnerability

Mautic is an open source marketing automation software from Mautic Open Source. The software monitors and manages websites, sends emails and manages customer resources. A security vulnerability exists in Mautic that stems from user-supplied input being reflected back as a response in the server...

CVSS 4.8, AI score 5.8, EPSS 0.00088
Exploits 0, References 1

Vulnrichment
added 2025/08/21 5:20 p.m., 2 views

CVE-2025-57768 Stored XSS in “hours” fields when creating or editing an issue, using SQLite database

Phproject is a high performance full-featured project management system. From 1.8.0 to before 1.8.3, a Stored Cross-Site Scripting (XSS) vulnerability exists in the Planned Hours field when creating a new project. When sending a POST request to /issues/new/, the value provided in the Planned Hours...

CVSS 6.9, AI score 5.6, EPSS 0.00096
Exploits 0, References 1

RedhatCVE
added 2025/05/22 4:45 p.m., 7 views

CVE-2020-6206

SAP Cloud Platform Integration for Data Services, version 1.0, allows user inputs to be reflected as error or warning messages. This could mislead the victim to follow malicious instructions inserted by external attackers, leading to Cross Site Request Forgery...

CVSS 4.7, AI score 6.9, EPSS 0.00165
Exploits 0, References 1

Positive Technologies
added 2025/01/31 12:0 a.m., 2 views

PT-2025-4962 · Unknown · Notifikácie.Sk

Name of the Vulnerable Software and Affected Versions: Notifikácie.sk versions n/a through 1.0. Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting (XSS). Specifically, it is a Reflected XSS vulnerability. This means th...

CVSS 7.1, AI score 9.1, EPSS 0.00112
Exploits 0, References 3

Positive Technologies
added 2025/01/27 12:0 a.m., 3 views

PT-2025-4948 · Cubepm · Cubepm

Name of the Vulnerable Software and Affected Versions: CubePM versions n/a through 1.0. Description: The issue is related to improper neutralization of input during web page generation, which allows for reflected Cross-site Scripting (XSS). This means that an attacker can inject malicious scripts in...

CVSS 7.1, AI score 9, EPSS 0.00232
Exploits 0, References 3

Positive Technologies
added 2025/01/27 12:0 a.m., 3 views

PT-2025-5500 · WordPress · Wp Multi Store Locator

Name of the Vulnerable Software and Affected Versions: WP Multi Store Locator versions 2.4.7 and earlier. Description: The issue is related to improper neutralization of script-related HTML tags in a web page, which allows for Reflected XSS attacks. This means that an attacker can inject malicious...

CVSS 7.1, AI score 8.9, EPSS 0.00183
Exploits 0, References 5