17 matches found

SUSE CVE
added 2026/03/25 12:27 a.m. | 2 views

SUSE CVE-2026-27116

Vikunja is an open-source self-hosted task management platform. Prior to version 2.0.0, a reflected HTML injection vulnerability exists in the Projects module where the filter URL parameter is rendered into the DOM without output encoding when the user clicks "Filter." While and are blocked, , ,...

CVSS 6.1 | AI score 5.9 | EPSS 0.00014
Exploits: 1 | References: 3

Cvelist
added 2026/03/19 10:48 p.m. | 19 views

CVE-2026-29100 SuiteCRM has Reflected HTML Injection in Login Page via default_user_name Parameter

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. SuiteCRM 7.15.0 contains a reflected HTML injection vulnerability in the login page that allows attackers to inject arbitrary HTML content, enabling phishing attacks and page defacement. Versio...

CVSS 7.1 | EPSS 0.00043
Exploits: 0 | References: 1

OSV
added 2026/02/27 2:17 a.m. | 2 views

GO-2026-4552 Vikunja has Reflected HTML Injection via filter Parameter in its Projects Module in code.vikunja.io/api

Vikunja has Reflected HTML Injection via filter Parameter in its Projects Module in code.vikunja.io/api...

CVSS 6.1 | AI score 5.8 | EPSS 0.00014
Exploits: 1 | References: 3

OSV
added 2026/02/25 10:1 p.m. | 2 views

GHSA-4QGR-4H56-8895 Vikunja has Reflected HTML Injection via filter Parameter in its Projects Module

Summary Vikunja is an open-source self-hosted task management platform with 3,300+ GitHub stars. A reflected HTML injection vulnerability exists in the Projects module where the filter URL parameter is rendered into the DOM without output encoding when the user clicks "Filter." While and are...

CVSS 6.1 | AI score 5.8 | EPSS 0.00014
Exploits: 1 | References: 7

Cvelist
added 2026/02/25 9:33 p.m. | 18 views

CVE-2026-27116 Vikunja has Reflected HTML Injection via filter Parameter in Projects Module

Vikunja is an open-source self-hosted task management platform. Prior to version 2.0.0, a reflected HTML injection vulnerability exists in the Projects module where the filter URL parameter is rendered into the DOM without output encoding when the user clicks "Filter." While and are blocked, , ,...

CVSS 6.1 | EPSS 0.00014
Exploits: 1 | References: 2

NVD
added 2025/10/20 1:15 p.m. | 1 views

CVE-2025-61454

A Cross-Site Scripting (XSS) vulnerability exists in Bhabishya-123 E-commerce 1.0, specifically within the search endpoint. Unsanitized input in the /search parameter is directly reflected back into the response HTML, allowing attackers to execute arbitrary JavaScript in the browser of a user who...

CVSS 6.1 | EPSS 0.00032
Exploits: 0 | References: 1

Cvelist
added 2025/10/20 12:0 a.m. | 6 views

CVE-2025-61454

A Cross-Site Scripting (XSS) vulnerability exists in Bhabishya-123 E-commerce 1.0, specifically within the search endpoint. Unsanitized input in the /search parameter is directly reflected back into the response HTML, allowing attackers to execute arbitrary JavaScript in the browser of a user who...

EPSS 0.00032
Exploits: 0 | References: 1

Hacker One
added 2024/07/05 10:42 a.m. | 2 views

Mars: Reflected HTML Injection via contact (faq) search parameter on ██████████

The report describes a reflected HTML injection vulnerability in the contact faq search parameter on the ██████████. A specific HTML payload entered into this parameter was reflected back in the response without proper sanitization, allowing for the execution of arbitrary HTML and potentially...

AI score 7.5
Exploits: 0

Hacker One
added 2024/06/27 8:8 a.m. | 3 views

Mars: Reflected HTML Injection via contact (faq) search parameter on ███]=

The reflected HTML injection vulnerability was identified in the search parameter of the contact FAQ page on ███████. The vulnerability allowed for the injection and execution of arbitrary HTML and script code in the context of other users' web browsers. The issue was demonstrated through the...

AI score 7.5
Exploits: 0

Cvelist
added 2023/11/17 1:31 p.m. | 20 views

CVE-2023-44355 ColdFusion | Improper Input Validation (CWE-20)

Adobe ColdFusion versions 2023.5 and earlier and 2021.11 and earlier are affected by an Improper Input Validation vulnerability that could result in a Security feature bypass. An unauthenticated attacker could leverage this vulnerability to impact a minor integrity feature. Exploitation of this...

CVSS 4.3 | AI score 5.7 | EPSS 0.01322
Exploits: 0 | References: 1

wpexploit
added 2023/10/09 12:0 a.m. | 144 views

EventPrime < 3.2.0 - Reflected HTML Injection on keyword parameter

Description The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to an HTML Injection on the plugin in the search area of the website. Insert '"Clickme! on the keyword search field or directly on the link...

CVSS 6.1 | AI score 6.5 | EPSS 0.00245
Exploits: 2

Cvelist
added 2022/10/31 12:0 a.m. | 11 views

CVE-2022-2167 Newspaper < 12 - Reflected Cross-Site Scripting

The Newspaper WordPress theme before 12 does not sanitise a parameter before outputting it back in an HTML attribute via an AJAX action, leading to a Reflected Cross-Site Scripting...

AI score 6.2 | EPSS 0.00496
Exploits: 2 | References: 1

Positive Technologies
added 2019/10/21 12:0 a.m. | 1 views

PT-2019-14908 · Fusionpbx · Fusionpbx

Name of the Vulnerable Software and Affected Versions: FusionPBX versions prior to 4.5.8. Description: The issue concerns the use of an unsanitized query string variable in the contact import.php file, which is reflected in HTML. This leads to a cross-site scripting (XSS) issue, allowing potential...

CVSS 6.1 | AI score 5.9 | EPSS 0.00328
Exploits: 0 | References: 4

Exploit DB
added 2019/04/08 12:0 a.m. | 43 views

SaLICru -SLC-20-cube3(5) - HTML Injection

Exploit Title: Reflected HTML Injection Google Dork: None Date: 16/12/2015 Exploit Author: Ramikan Vendor Homepage:https://www.salicru.com/en/ Software Link: N/A Version: Tested on SaLICru -SLC-20-cube35. Firmware: cs121-SNMP v4.54.82.130611 CVE : CVE-2019-10887 Category:Web Apps Vulnerability:...

CVSS 6.1 | AI score 6.3 | EPSS 0.04867
Exploits: 5

Cvelist
added 2019/04/05 5:26 p.m. | 13 views

CVE-2019-10887

A reflected HTML injection vulnerability on Salicru SLC-20-cube35 devices running firmware version cs121-SNMP v4.54.82.130611 allows remote attackers to inject arbitrary HTML elements via a /DataLog.csv?log= or /AlarmLog.csv?log= or /waitlog.cgi?name= or /chart.shtml?data= or /createlog.cgi?name=...

AI score 6.3 | EPSS 0.04867
Exploits: 5 | References: 3

CVE
added 2019/04/05 5:26 p.m. | 56 views

CVE-2019-10887

CVE-2019-10887 describes a reflected HTML-injection vulnerability in Salicru SLC-20‑cube3(5) devices running firmware cs121-SNMP v4.54.82.130611. Affected endpoints allow HTML payloads via /DataLog.csv?log=, /AlarmLog.csv?log=, /waitlog.cgi?name=, /chart.shtml?data=, and /createlog.cgi?name=. Pub...

CVSS 6.1 | AI score 6.3 | EPSS 0.04867
Exploits: 5 | References: 3 | Affected Software: 1

OSV
added 2018/05/25 1:29 p.m. | 1 views

CVE-2017-3961

Cross-Site Scripting (XSS) vulnerability in the web interface in McAfee Network Security Management (NSM) before 8.2.7.42.2 allows authenticated users to allow arbitrary HTML code to be reflected in the response web page via crafted user input of attributes...

CVSS 5.4 | AI score 5.9 | EPSS 0.00338
Exploits: 0 | References: 1