Lucene search

934 matches found

RedhatCVE
added 2026/01/09 10:44 a.m., 2 views

CVE-2022-0150

The WP Accessibility Helper WAH WordPress plugin before 0.6.0.7 does not sanitise and escape the wahi parameter before outputting back its base64 decode value in the page, leading to a Reflected Cross-Site Scripting issue...

6.1 CVSS, 6.2 AI score, 0.0113 EPSS
Exploits: 2, References: 1
RedhatCVE
added 2026/01/09 9:26 a.m., 1 view

CVE-2023-4017

The Goya theme for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'attra-color', 'attra-size', and 'product-cata' parameters in versions up to, and including, 1.0.8.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attacker...

6.1 CVSS, 5.6 AI score, 0.01684 EPSS
Exploits: 0, References: 1
CVE
added 2026/01/08 6:21 p.m., 11 views

CVE-2026-22256

CVE-2026-22256 (Salvo) : A reflected XSS vulnerability exists in Salvo before version 0.88.1, arising from the list_html function in the directory listing view. The code inserts the rendered current.path into an HTML title (and page content) without proper sanitization, while the request path is ...

8.8 CVSS, 5.8 AI score, 0.00013 EPSS
Exploits: 1, References: 2, Affected Software: 1
CVE
added 2026/01/08 9:17 a.m., 6 views

CVE-2025-68890

CVE-2025-68890 is a DOM-based XSS in the hands01 e-shops e-shops-cart2 plugin (WordPress) caused by improper input neutralization during web-page generation, affecting versions from n/a through

7.1 CVSS, 6 AI score, 0.00026 EPSS
Exploits: 0, References: 1
Vulnrichment
added 2026/01/08 9:17 a.m., 1 view

CVE-2025-68889 WordPress Pinpoll plugin <= 4.0.0 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Pinpoll Pinpoll pinpoll allows Reflected XSS. This issue affects Pinpoll: from n/a through <= 4.0.0...

7.1 CVSS, 6 AI score, 0.00008 EPSS
Exploits: 0, References: 1
CVE
added 2026/01/08 9:17 a.m., 14 views

CVE-2025-67930

CVE-2025-67930 : Reflected Cross-Site Scripting in the WordPress plugin eHive Search (formerly ehive-search) for versions

7.1 CVSS, 6 AI score, 0.00026 EPSS
Exploits: 0, References: 1
Cvelist
added 2026/01/08 9:17 a.m., 20 views

CVE-2025-67922 WordPress Grand Restaurant theme < 7.0.9 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ThemeGoods Grand Restaurant grandrestaurant allows Reflected XSS. This issue affects Grand Restaurant: from n/a through 7.0.9...

7.1 CVSS, 0.00026 EPSS
Exploits: 0, References: 1
Vulnrichment
added 2026/01/08 9:17 a.m., 1 view

CVE-2025-67918 WordPress Woffice theme <= 5.4.30 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WofficeIO Woffice woffice allows Reflected XSS. This issue affects Woffice: from n/a through <= 5.4.30...

7.1 CVSS, 6 AI score, 0.00026 EPSS
Exploits: 0, References: 1
CVE
added 2026/01/08 9:17 a.m., 10 views

CVE-2025-27004

CVE-2025-27004 concerns a Reflected Cross-Site Scripting (XSS) vulnerability in the WordPress plugin Famous - Responsive Image And Video Grid Gallery by LambertGroup. According to the CVE data and Wordfence report, the issue arises from improper neutralization of input during web page generation,...

7.1 CVSS, 6 AI score, 0.00008 EPSS
Exploits: 0, References: 1
CNNVD
added 2026/01/08 12:0 a.m., 2 views

WordPress plugin Visitor Stats Widget security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A security vulnerabili...

7.1 CVSS, 5.9 AI score, 0.00026 EPSS
Exploits: 0, References: 1
Vulnrichment
added 2026/01/07 11:11 p.m., 1 view

CVE-2019-25284 V-SOL GPON/EPON OLT Platform V2.03.62R_IPv6 v2.03 Reflected Cross-Site Scripting Vulnerability

V-SOL GPON/EPON OLT Platform v2.03 contains multiple reflected cross-site scripting vulnerabilities due to improper input sanitization in various script parameters. Attackers can exploit these vulnerabilities by injecting malicious HTML and script code to execute arbitrary scripts in a victim's...

6.1 CVSS, 6.4 AI score, 0.00025 EPSS
Exploits: 1, References: 5
Vulnrichment
added 2026/01/07 11:11 p.m., 2 views

CVE-2019-25277 FaceSentry Access Control System 6.4.8 Reflected Cross-Site Scripting via pluginInstall.php

FaceSentry Access Control System 6.4.8 contains a cross-site scripting vulnerability in the 'msg' parameter of pluginInstall.php that allows attackers to inject malicious scripts. Attackers can exploit the unvalidated input to execute arbitrary JavaScript in victim browsers, potentially stealing...

6.1 CVSS, 6.4 AI score, 0.00049 EPSS
Exploits: 2, References: 4
Cvelist
added 2026/01/07 6:16 p.m., 20 views

CVE-2026-21855 Tarkov Data Manager has Unauthenticated Reflected XSS

The Tarkov Data Manager is a tool to manage the Tarkov item data. Prior to 02 January 2025, a reflected Cross Site Scripting XSS vulnerability in the toast notification system allows any attacker to execute arbitrary JavaScript in the context of a victim's browser session by crafting a malicious...

9.3 CVSS, 0.00031 EPSS
Exploits: 1, References: 1
ATTACKERKB
added 2026/01/07 12:37 p.m., 1 view

CVE-2025-46494

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Themesgrove WidgetKit Pro allows Reflected XSS. This issue affects WidgetKit Pro: from n/a through 1.13.1...

7.1 CVSS, 5.2 AI score, 0.00025 EPSS
Exploits: 0, References: 3
Positive Technologies
added 2026/01/07 12:0 a.m., 2 views

PT-2026-1643

Name of the Vulnerable Software and Affected Versions: Digital zoom studio DZS Video Gallery versions through 12.25. Description: The software contains a flaw related to improper input handling during web page generation, leading to a Reflected Cross-site Scripting XSS condition. This allows for the...

7.1 CVSS, 6.1 AI score, 0.00025 EPSS
Exploits: 0, References: 3
RedhatCVE
added 2026/01/03 7:7 a.m., 4 views

CVE-2025-13456

The ShopBuilder WordPress plugin before 3.2.2 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

6.1 CVSS, 6.1 AI score, 0.00006 EPSS
Exploits: 0, References: 1
EUVD
added 2026/01/02 3:30 p.m., 3 views

EUVD-2026-0035

Duplicate Advisory: Reflected XSS in go-httpbin due to unrestricted client control over Content-Type...

5.8 AI score, 0.00006 EPSS
Exploits: 0, References: 3
NVD
added 2026/01/02 6:15 a.m., 2 views

CVE-2025-13456

The ShopBuilder WordPress plugin before 3.2.2 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

6.1 CVSS, 0.00006 EPSS
Exploits: 0, References: 1
Cvelist
added 2026/01/02 6:0 a.m., 24 views

CVE-2025-13456 Shopbuilder < 3.2.2 - Reflected XSS

The ShopBuilder WordPress plugin before 3.2.2 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

0.00006 EPSS
Exploits: 0, References: 1
Cvelist
added 2025/12/31 10:18 p.m., 19 views

CVE-2025-67711 Reflected XSS vulnerability in ArcGIS Server.

There is a stored cross site scripting issue in Esri ArcGIS Server 11.4 and earlier on Windows and Linux that in some configurations allows a remote unauthenticated attacker to store files that contain malicious code that may execute in the context of a victim’s browser...

6.1 CVSS, 0.00027 EPSS
Exploits: 0, References: 1