CVE-2026-25350

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in skygroup Miti miti allows Reflected XSS.This issue affects Miti: from n/a through 1.5.3...

CVE-2026-25349

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in skygroup Loobek loobek allows Reflected XSS.This issue affects Loobek: from n/a through 1.5.2...

CVE-2026-23979

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Softwebmedia Gyan Elements gyan-elements allows Reflected XSS.This issue affects Gyan Elements: from n/a through = 2.2.1...

CVE-2025-12453

Improper neutralization of input during web page generation 'cross-site scripting' vulnerability in OpenText™ Vertica allows Reflected XSS. The vulnerability could lead to Reflected XSS attack of cross-site scripting in Vertica management console application.This issue affects Vertica: from 10.0...

CVE-2026-3512

The Writeprint Stylometry plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'p' GET parameter in all versions up to and including 0.1. This is due to insufficient input sanitization and output escaping in the bjlwprintstylocommentsnav function. The function directly...

CVE-2026-33499

WWBN AVideo is an open source video platform. In versions up to and including 26.0, the view/forbiddenPage.php and view/warningPage.php templates reflect the $REQUEST'unlockPassword' parameter directly into an HTML tag's attributes without any output encoding or sanitization. An attacker can craf...

CVE-2025-41027

GDTaller is affected by CVE-2025-41027 for a Reflected XSS vulnerability. The issue allows an attacker to execute JavaScript in the victim’s browser by delivering a malicious URL via the site parameter of the app_recuperarclave.php endpoint. The linked sources report this as a reflected XSS vulne...

CVE-2025-41026

CVE-2025-41026: Reflected XSS in GDTaller. Vulnerability arises from handling the site parameter in app_login.php, allowing an attacker to cause JavaScript execution in the victim’s browser via a malicious URL. Documents indicate this is a reflected XSS with CVSS v4.0 base score 5.1 (Medium); no ...

CVE-2026-1986

The FloristPress for Woo – Customize your eCommerce store for your Florist plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'noresults' parameter in all versions up to, and including, 7.8.2 due to insufficient input sanitization and output escaping on the user supplied...

EUVD-2026-15744

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in purethemes Listeo Core listeo-core allows Reflected XSS.This issue affects Listeo Core: from n/a through = 2.0.21...

EUVD-2026-15694

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in eyecix Addon Jobsearch Chat addon-jobsearch-chat allows Reflected XSS.This issue affects Addon Jobsearch Chat: from n/a through = 3.0...

CVE-2026-32545

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Taboola Taboola Pixel taboola-pixel allows Reflected XSS.This issue affects Taboola Pixel: from n/a through = 1.1.4...

CVE-2026-25351 WordPress MyMedi theme < 1.7.7 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in skygroup MyMedi mymedi allows Reflected XSS.This issue affects MyMedi: from n/a through 1.7.7...

CVE-2026-24975 WordPress Organici Library plugin <= 2.1.2 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in NooTheme Organici Library noo-organici-library allows Reflected XSS.This issue affects Organici Library: from n/a through = 2.1.2...

CVE-2026-23979 WordPress Gyan Elements plugin <= 2.2.1 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Softwebmedia Gyan Elements gyan-elements allows Reflected XSS.This issue affects Gyan Elements: from n/a through = 2.2.1...

CVE-2026-22491

CVE-2026-22491 is a Reflected XSS in the WordPress plugin My auctions allegro free-edition (

PT-2026-27866

Name of the Vulnerable Software and Affected Versions NooTheme CitiLights versions through 3.7.1 Description The software contains a flaw due to improper neutralization of input during web page generation, leading to a Reflected Cross-site Scripting XSS condition. This allows for the injection of...

WordPress plugin Riode 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application plugin. Versions of...

PT-2026-27985

Name of the Vulnerable Software and Affected Versions G5Theme Darna Framework versions through 2.9 Description The Darna Framework contains a flaw due to improper neutralization of input during web page generation, leading to a Reflected Cross-Site Scripting XSS condition. This allows for the...

PT-2026-28058

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Taboola Taboola Pixel taboola-pixel allows Reflected XSS.This issue affects Taboola Pixel: from n/a through = 1.1.4...