932 matches found
CVE-2025-11950 Reflected XSS in Knowhy's EduAsist
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in KNOWHY Advanced Technology Trading Ltd. Co. EduAsist allows Reflected XSS. This issue affects EduAsist: before v2.1...
CVE-2026-1434
Omega-PSIR is vulnerable to Reflected XSS via the lang parameter. An attacker can craft a malicious URL that, when opened, causes arbitrary JavaScript to execute in the victim’s browser. This issue was fixed in 4.6.7...
CVE-2026-1434
Omega-PSIR is affected by a Reflected XSS vulnerability in the lang parameter. An attacker can craft a malicious URL that, when opened by a user, causes arbitrary JavaScript to execute in the victim’s browser. The issue has a fixed version: 4.6.7. The CVSS data indicates Network attack vector, lo...
CVE-2026-2679 Multiple vulnerabilities in A3factura software
Reflected Cross-Site Scripting XSS on the A3factura web platform, in parameter 'customerName', in 'a3factura-app.wolterskluwer.es//incomes/salesInvoices' endpoint, which could allow an attacker to execute arbitrary code in the victim's browser...
CVE-2026-27948 Copyparty vulnerable to eflected cross-site scripting via setck parameter
Copyparty is a portable file server. In versions prior to 1.20.9, an XSS allows for reflected cross-site scripting via URL-parameter ?setck=.... Version 1.20.9 fixes the issue...
CVE-2025-56605
A reflected Cross-Site Scripting XSS vulnerability exists in the register.php backend script of PuneethReddyHC Event Management System 1.0. The mobile POST parameter is improperly validated and echoed back in the HTTP response without sanitization, allowing an attacker to inject and execute...
CVE-2025-56605
A reflected Cross-Site Scripting XSS vulnerability exists in the register.php backend script of PuneethReddyHC Event Management System 1.0. The mobile POST parameter is improperly validated and echoed back in the HTTP response without sanitization, allowing an attacker to inject and execute...
PT-2026-22140
Reflected Cross-Site Scripting XSS on the A3factura web platform, in parameter 'name', in 'a3factura-app.wolterskluwer.es//incomes/representatives-management' endpoint, which could allow an attacker to execute arbitrary code in the victim's browser...
CVE-2025-69302
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in designthemes DesignThemes Core Features designthemes-core-features allows Reflected XSS.This issue affects DesignThemes Core Features: from n/a through = 2.3...
CVE-2025-69392
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in itex iMoney imoney allows Reflected XSS.This issue affects iMoney: from n/a through = 0.36...
CVE-2025-67990
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in RealMag777 GMap Targeting gmap-targeting allows Reflected XSS.This issue affects GMap Targeting: from n/a through = 1.1.7...
CVE-2019-25447
OrientDB 3.0.17 GA Community Edition contains cross-site request forgery vulnerabilities that allow attackers to perform unauthorized actions by crafting malicious requests to endpoints like /database/, /command/, and /document/. Attackers can create or delete databases, modify schema classes,...
CVE-2019-25449
CVE-2019-25449 affects OrientDB 3.0.17 with a reflected cross-site scripting flaw. The issue allows attackers to submit crafted JSON payloads to the document endpoint, performing a POST to /document/demodb/-1:-1 and injecting script tags in the name parameter to execute arbitrary JavaScript in us...
CVE-2026-27503 SVXportal <= 2.5 admin/log.php Search Reflected XSS
SVXportal version 2.5 and prior contain a reflected cross-site scripting vulnerability in admin/log.php via the search query parameter. When an authenticated administrator views a crafted URL, the application embeds the unsanitized parameter value directly into an HTML input value attribute,...
CVE-2026-22357
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Spencer Haws Link Whisper Free link-whisper allows Reflected XSS.This issue affects Link Whisper Free: from n/a through = 0.9.2...
CVE-2025-69384
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in wpdiscover Timeline Event History timeline-event-history allows Reflected XSS.This issue affects Timeline Event History: from n/a through = 3.2...
CVE-2025-69330
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Jthemes Prestige prestige allows Reflected XSS.This issue affects Prestige: from n/a through 1.4.1...
CVE-2025-68501
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Mollie Mollie Payments for WooCommerce mollie-payments-for-woocommerce allows Reflected XSS.This issue affects Mollie Payments for WooCommerce: from n/a through = 8.1.1...
CVE-2025-68031
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in faraz sms افزونه پیامک حرفه ای فراز اس ام اس farazsms allows Reflected XSS.This issue affects افزونه پیامک حرفه ای فراز اس ام اس: from n/a through = 2.7.3...
CVE-2025-67978
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in FixBD Educare educare allows Reflected XSS.This issue affects Educare: from n/a through = 1.6.1...