
81 matches found

OSV
added 2024/12/06 9:15 a.m. · 0 views

CVE-2024-11204

The ForumWP – Forum & Discussion Board plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘url’ parameter in all versions up to, and including, 2.1.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to injec...

CVSS 6.1 · AI score 5.9 · EPSS 0.01684
Exploits: 0 · References: 3

OSV
added 2024/10/23 2:15 p.m. · 1 view

CVE-2024-10250

The Nioland theme for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘s’ parameter in all versions up to, and including, 1.2.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pag...

CVSS 6.1 · AI score 6
Exploits: 0 · References: 2

OSV
added 2024/06/08 3:15 p.m. · 0 views

CVE-2024-35679

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in GiveWP allows Reflected XSS. This issue affects GiveWP: from n/a through 3.12.0...

CVSS 6.1 · AI score 5.8
Exploits: 0 · References: 1

OSV
added 2024/03/02 8:15 a.m. · 1 view

CVE-2024-1775

The Nextend Social Login and Register plugin for WordPress is vulnerable to a self-based Reflected Cross-Site Scripting via the ‘errordescription’ parameter in all versions up to, and including, 3.1.12 due to insufficient input sanitization and output escaping. This makes it possible for...

CVSS 5.4 · AI score 7.2
Exploits: 0 · References: 2

OSV
added 2023/12/20 8:15 p.m. · 0 views

CVE-2023-49271

Hotel Management v1.0 is vulnerable to multiple authenticated Reflected Cross-Site Scripting vulnerabilities. The 'checkoutdate' parameter of the reservation.php resource is copied into the HTML document as plain text between tags. Any input is echoed unmodified in the application's response...

CVSS 5.4 · AI score 5.8
Exploits: 0 · References: 2

OSV
added 2023/10/26 1:15 p.m. · 0 views

CVE-2023-46094

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Conversios Track Google Analytics 4, Facebook Pixel & Conversions API via Google Tag Manager for WooCommerce plugin = 6.5.3 versions...

CVSS 6.1 · AI score 7.3
Exploits: 0 · References: 1

Positive Technologies
added 2023/05/15 12:0 a.m. · 2 views

PT-2023-17105 · Tagdiv · Tagdiv Composer

Name of the Vulnerable Software and Affected Versions: tagDiv Composer WordPress plugin versions prior to 4.0

Description: The issue is related to a Reflected Cross-Site Scripting that could be used against high privilege users, such as admin. This occurs because a parameter is not properly...

CVSS 6.1 · AI score 6.4 · EPSS 0.00289
Exploits: 2 · References: 5

OSV
added 2022/09/16 6:15 p.m. · 0 views

CVE-2022-35664

Adobe Experience Manager versions 6.5.13.0 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's...

CVSS 5.4 · AI score 5.7 · EPSS 0.01739
Exploits: 0 · References: 1

Positive Technologies
added 2022/08/29 12:0 a.m. · 2 views

PT-2022-18477 · Hcl · Hcl Notes

Name of the Vulnerable Software and Affected Versions: HCL iNotes affected versions not specified

Description: The issue is caused by improper validation of user-supplied input in a form POST request, leading to a Reflected Cross-site Scripting (XSS) vulnerability. A remote attacker could exploit...

CVSS 8.3 · AI score 6.2 · EPSS 0.00236
Exploits: 0 · References: 3

OSV
added 2022/06/13 1:15 p.m. · 2 views

CVE-2022-1822

The Zephyr Project Manager plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘project’ parameter in versions up to, and including, 3.2.40 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary...

CVSS 6.1 · AI score 5.9 · EPSS 0.02212
Exploits: 0 · References: 4

VulnCheck KEV
added 2022/01/24 12:0 a.m. · 1 view

VulnCheck KEV: CVE-2022-0288

The Ad Inserter WordPress plugin before 2.7.10, Ad Inserter Pro WordPress plugin before 2.7.10 do not sanitise and escape the htmlelementselection parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting...

CVSS 6.1 · AI score 6.4 · EPSS 0.02178
Exploits: 2 · References: 1

OSV
added 2021/09/10 2:15 p.m. · 1 view

CVE-2021-38358

The MoolaMojo WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the classes parameter found in the /views/button-generator.html.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 0.7.4.1...

CVSS 6.1 · AI score 5.8 · EPSS 0.0021
Exploits: 0 · References: 2

Positive Technologies
added 2021/01/07 12:0 a.m. · 3 views

PT-2021-11080 · Unknown · Krpano Panorama Viewer

Name of the Vulnerable Software and Affected Versions: Krpano Panorama Viewer versions =1.20.8

Description: The issue is related to Reflected XSS due to insecure remote js load in the file viewer/krpano.html. The plugintest.url parameter is vulnerable.

Recommendations: For Krpano Panorama Viewer...

CVSS 6.1 · AI score 6.1 · EPSS 0.00581
Exploits: 1 · References: 5

OSV
added 2020/03/13 7:15 p.m. · 1 view

CVE-2019-13200

The web application of several Kyocera printers such as the ECOSYS M5526cdw 2R72000.001.701 was affected by Reflected XSS. Successful exploitation of this vulnerability can lead to session hijacking of the administrator in the web application or the execution of unwanted actions...

CVSS 6.1 · AI score 6.5 · EPSS 0.00048
Exploits: 0 · References: 1

OSV
added 2020/03/12 2:15 p.m. · 0 views

CVE-2020-10455

The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/translate.php by adding a question mark (?) followed by the payload...

CVSS 4.8 · AI score 5.9 · EPSS 0.00321
Exploits: 3 · References: 2

OSV
added 2020/03/12 2:15 p.m. · 1 view

CVE-2020-10442

The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/report-article-popular.php by adding a question mark (?) followed by the payload...

CVSS 4.8 · AI score 5.9 · EPSS 0.00321
Exploits: 3 · References: 2

OSV
added 2020/03/12 2:15 p.m. · 0 views

CVE-2020-10414

The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/index-attachments.php by adding a question mark (?) followed by the payload...

CVSS 4.8 · AI score 5.9 · EPSS 0.00321
Exploits: 3 · References: 2

OSV
added 2020/03/12 2:15 p.m. · 0 views

CVE-2020-10399

The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/add-user.php by adding a question mark (?) followed by the payload...

CVSS 4.8 · AI score 5.9 · EPSS 0.00321
Exploits: 2 · References: 2

Positive Technologies
added 2020/03/12 12:0 a.m. · 2 views

PT-2020-12137 · Chadha · Chadha Phpkb Standard Multi-Language

Name of the Vulnerable Software and Affected Versions: Chadha PHPKB Standard Multi-Language version 9

Description: The issue allows attackers to inject arbitrary web script or HTML via the GET parameter p in the admin/edit-comment.php file. This enables attackers to perform a Reflected XSS attack...

CVSS 4.8 · AI score 5.1 · EPSS 0.00321
Exploits: 1 · References: 4

OSV
added 2019/03/21 4:1 p.m. · 2 views

CVE-2019-7437

PHP Scripts Mall Opensource Classified Ads Script 3.2.2 has reflected Cross-Site Scripting (XSS) via the Search field...

CVSS 6.1 · AI score 6.3 · EPSS 0.0024
Exploits: 1 · References: 1