333 matches found
CVE-2025-49045
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in highwarden Super Interactive Maps super-interactive-maps allows Reflected XSS.This issue affects Super Interactive Maps: from n/a through = 2.3...
PT-2026-4055
Name of the Vulnerable Software and Affected Versions GLS Shipping for WooCommerce versions through 1.4.0 Description The software contains a flaw related to improper input handling during web page generation, which can lead to Reflected Cross-Site Scripting XSS. This allows an attacker to inject...
CVE-2025-57786
A reflected cross-site scripting xss vulnerability exists in the notifynewstudy functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigger this vulnerability...
CVE-2025-58089
Multiple reflected cross-site scripting xss vulnerabilities exist in the config.php functionality of MedDream PACS Premium 7.3.6.870. Specially crafted malicious URLs can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigger these vulnerabilities.This...
CVE-2025-44000
A reflected cross-site scripting xss vulnerability exists in the sendOruReport functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigger this vulnerability...
CVE-2025-69268
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Broadcom DX NetOps Spectrum on Windows, Linux allows Reflected XSS.This issue affects DX NetOps Spectrum: 24.3.8 and earlier...
Zippy-CRM 跨站脚本漏洞
Zippy-CRM is an accounting system with a web interface by Leon Personal Developer. A cross-site scripting vulnerability exists in Zippy-CRM version 6.5.4 that stems from unvalidated input parameters and could lead to a reflected cross-site scripting attack...
CVE-2025-68873
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in chloédigital PRIMER by chloédigital primer-by-chloedigital allows Reflected XSS.This issue affects PRIMER by chloédigital: from n/a through = 1.0.25...
CVE-2025-27002
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in LambertGroup CountDown With Image or Video Background countdown-with-background allows Reflected XSS.This issue affects CountDown With Image or Video Background: from n/a through = 1.5...
CVE-2023-49185
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Doofinder Doofinder WP & WooCommerce Search allows Reflected XSS.This issue affects Doofinder WP & WooCommerce Search: from n/a through 2.1.7...
CVE-2023-4979
Cross-site Scripting XSS - Reflected in GitHub repository librenms/librenms prior to 23.9.0...
CVE-2025-23754
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Ulrich Sossou The Loops the-loops allows Reflected XSS.This issue affects The Loops: from n/a through = 1.0.2...
CVE-2025-68887 WordPress WP-BusinessDirectory plugin <= 4.0.1 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in CMSJunkie - WordPress Business Directory Plugins WP-BusinessDirectory wp-businessdirectory allows Reflected XSS.This issue affects WP-BusinessDirectory: from n/a through = 4.0.1...
CVE-2025-67933 WordPress Taskbuilder plugin <= 4.0.9 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in taskbuilder Taskbuilder taskbuilder allows Reflected XSS.This issue affects Taskbuilder: from n/a through = 4.0.9...
CVE-2025-46494
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Themesgrove WidgetKit Pro allows Reflected XSS.This issue affects WidgetKit Pro: from n/a through 1.13.1...
CVE-2025-69082 WordPress Arlo theme <= 6.0.3 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Frenify Arlo arlo allows Reflected XSS.This issue affects Arlo: from n/a through = 6.0.3...
CVE-2025-13369 Premmerce WooCommerce Customers Manager <= 1.1.14 - Reflected Cross-Site Scripting
The Premmerce WooCommerce Customers Manager plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'moneyspentfrom', 'moneyspentto', 'registeredfrom', and 'registeredto' parameters in all versions up to, and including, 1.1.14 due to insufficient input sanitization and output...
WordPress plugin Arlo 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site...
CVE-2025-23707
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Matamko En Masse en-masse-wp allows Reflected XSS.This issue affects En Masse: from n/a through = 1.0...
WordPress plugin ZhinaTwitterWidget 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site scripting...