10 matches found
CVE-2026-7660 Easy Updates Manager <= 9.0.20 - Reflected Cross-Site Scripting via 'paged' Parameter
The Easy Updates Manager plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'paged' parameter in versions up to, and including, 9.0.20. This is due to insufficient input sanitization and output escaping in the pagination function. This makes it possible for attackers to...
CVE-2026-8245
Concrete CMS 9.5.0 and below is vulnerable to Reflected XSS in Legacy Pagination via HTML attribute injection. Concrete\Core\Legacy\Pagination builds pagination links by raw-interpolating its $URL field into href="". Any authenticated admin or report viewer with access to...
CVE-2026-32893
CVE-2026-32893: Chamilo LMS is vulnerable to a reflected XSS in the exercise question list pagination. Before 2.0.0-RC.3, the pagination code merges all GET parameters with array_merge() and injects http_build_query() output into HTML href attributes without htmlspecialchars(), allowing an authe...
CVE-2026-30882
Chamilo LMS (versions ...). The issue is triggered when pagination controls render (more than 20 session categories). A fix is available in version 1.11.36, which patches this vulnerability. If you cannot upgrade, apply an input sanitization/encoding workaround for the affected parameter and revi...
EUVD-2024-2286
Malicious code in bioql PyPI...
CVE-2023-28778
Auth. admin+ Stored Cross-Site Scripting (XSS) vulnerability in BestWebSoft Pagination plugin = 1.2.2 versions...
CVE-2025-26751
CVE-2025-26751: WordPress Alphabetic Pagination plugin vulnerable to Reflected XSS due to improper input neutralization during web page generation. Affected: Alphabetic Pagination versions up to 3.2.1. The CVE entry and multiple connected sources confirm the issue and that a fix has been applied...
Cross-site Scripting (XSS)
Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the pagination feature used in searches and filters by injecting a malformed URL into the GET parameter perpage. Details: Cross-site scripting (or XSS) is a code vulnerability that occurs when an attacker...
PT-2024-24596 · Decidim · Decidim
Name of the Vulnerable Software and Affected Versions: Decidim versions prior to 0.27.6; Decidim versions prior to 0.28.1. Description: The pagination feature used in searches and filters is subject to potential XSS attack through a malformed URL using the GET parameter per page. This issue was...
CVE-2020-11082
In Kaminari before 1.2.1, there is a vulnerability that would allow an attacker to inject arbitrary code into pages with pagination links. This has been fixed in 1.2.1...