166 matches found
CVE-2019-25396
IPFire 2.21 Core Update 127 contains a reflected cross-site scripting vulnerability in the updatexlrator.cgi script that allows attackers to inject malicious scripts through POST parameters. Attackers can submit crafted requests with script payloads in the MAXDISKUSAGE or MAXDOWNLOADRATE paramete...
CVE-2026-1440
The CVE-2026-1440 entry concerns the Graylog Web Interface console (version 2.2.3) with a Reflected XSS flaw caused by insufficient sanitization/escaping of HTML output. Several endpoints include URL segments directly in responses without proper encoding, enabling an attacker to inject and execut...
CVE-2026-1438 Reflected Cross-Site Scripting (XSS) vulnerability in Graylog Web Interface
Reflected Cross-Site Scripting XSS vulnerability in the Graylog Web Interface console, version 2.2.3, caused by a lack of proper sanitization and escaping in HTML output. Several endpoints include segments of the URL directly in the response without applying output encoding, allowing an attacker ...
CVE-2026-1666
The Download Manager plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'redirectto' parameter in all versions up to, and including, 3.3.46. This is due to insufficient input sanitization and output escaping on the 'redirectto' GET parameter in the login form shortcode...
CVE-2019-25390
CVE-2019-25390 affects Smoothwall Express 3.1-SP4-polar-x86_64-update9. The vulnerability is a set of multiple reflected cross-site scripting flaws in the interfaces.cgi script, exploitable via posted parameters such as GREEN_ADDRESS, GREEN_NETMASK, RED_DHCP_HOSTNAME, RED_ADDRESS, DNS1_OVERRIDE, ...
PT-2026-8242
OPNsense 19.1 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by submitting crafted input through multiple parameters. Attackers can send POST requests to interfaces vlan edit.php with script payloads in the tag, descr, or vlanif parameter...
CVE-2026-0753 Super Simple Contact Form <= 1.6.2 - Reflected Cross-Site Scripting via 'sscf_name' Parameter
The Super Simple Contact Form plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'sscfname' parameter in all versions up to, and including, 1.6.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...
CVE-2026-1795 Address Bar Ads <= 1.0.0 - Reflected Cross-Site Scripting
The Address Bar Ads plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the URL Path in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in...
PYSEC-2026-115
OpenCTI 3.3.1 is vulnerable to a reflected cross-site scripting XSS attack via the /graphql endpoint. An attacker can inject arbitrary JavaScript code by sending a crafted GET request with a malicious payload in the query string, leading to execution of JavaScript in the victim's browser. For...
CVE-2025-68010
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in netgsm Netgsm netgsm allows Reflected XSS.This issue affects Netgsm: from n/a through = 2.9.63...
CVE-2025-4763
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Aida Computer Information Technology Inc. Hotel Guest Hotspot allows Reflected XSS. This issue affects Hotel Guest Hotspot: through 22012026. NOTE: The vendor was contacted early about this...
CVE-2025-14375
The RSS Aggregator – RSS Import, News Feeds, Feed to Post, and Autoblogging plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘className’ parameter in all versions up to, and including, 5.0.10 due to insufficient input sanitization and output escaping. This makes it...
CVE-2026-0499
The CVE-2026-0499 case concerns SAP NetWeaver Enterprise Portal, where an unauthenticated attacker can perform reflected Cross-Site Scripting by injecting malicious scripts into a URL parameter. The server response reflects the payload and executes it in the user’s browser, enabling potential ses...
CVE-2025-23469
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in sleekplan Sleekplan sleekplan allows Reflected XSS.This issue affects Sleekplan: from n/a through = 0.2.0...
CVE-2019-25270 SOCA Access Control System 180612 Reflected Cross-Site Scripting via logged_page.php
SOCA Access Control System 180612 contains a cross-site scripting vulnerability in the 'senddata' POST parameter of loggedpage.php that allows attackers to inject malicious scripts. Attackers can exploit this weakness by sending crafted POST requests to execute arbitrary HTML and script code in a...
CVE-2025-32300 WordPress DZS Video Gallery plugin <= 12.25 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Digital zoom studio DZS Video Gallery allows Reflected XSS.This issue affects DZS Video Gallery: from n/a through 12.25...
CVE-2025-31054
Cross-Site Request Forgery CSRF vulnerability in Themefy Bloggie allows Reflected XSS.This issue affects Bloggie: from n/a through 2.0.8...
PT-2025-54446
Name of the Vulnerable Software and Affected Versions Themefy Bloggie versions through 2.0.8 Description A Cross-Site Request Forgery CSRF issue exists in Themefy Bloggie, which also allows Reflected Cross-Site Scripting XSS. The vulnerability allows an attacker to potentially perform actions on...
PT-2025-54447
Name of the Vulnerable Software and Affected Versions ZoomSounds versions through 6.91 Description A flaw exists in ZoomSounds that allows for Reflected Cross-Site Scripting XSS. This issue occurs due to improper neutralization of input during web page generation. The vulnerability could...
WordPress WP Abstracts plugin <= 2.7.2 - Cross-Site Request Forgery to Reflected Cross-Site Scripting vulnerability
Cross-Site Request Forgery to Reflected Cross-Site Scripting vulnerability discovered by vgo0 in WordPress Plugin WP Abstracts versions = 2.7.2...