
935 matches found

CVE
added 2025/09/23 5:58 p.m., 14 views

CVE-2025-59548

DNN (DotNetNuke) is vulnerable to Reflected XSS in the CKEditor/FileBrowser prior to version 10.1.0. Specially crafted URLs to the FileBrowser could cause JavaScript injection when users click the link. The issue has been addressed in version 10.1.0 (patched). Affected software: DNN platform; vul...

CVSS: 6.1, AI score: 6.4, EPSS: 0.00025
Exploits: 0, References: 1, Affected Software: 1

Cvelist
added 2025/09/22 6:24 p.m., 7 views

CVE-2025-57968 WordPress VikRestaurants Table Reservations and Take-Away plugin <= 1.5 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in e4jvikwp VikRestaurants vikrestaurants allows Reflected XSS. This issue affects VikRestaurants: from n/a through <= 1.5...

CVSS: 7.1, EPSS: 0.00194
Exploits: 0, References: 1

CVE
added 2025/09/16 1:37 p.m., 10 views

CVE-2024-12796

CVE-2024-12796 denotes a Reflected XSS in Workcube ERP (Holistic IT, Consultancy Coop.) affecting V12–V14 before Cognitive. Root cause: improper neutralization of input during web page generation. Impact as per sources: Cross-site scripting without user interaction required (AV:N/AC:L/PR:N/UI:N/S...

CVSS: 5.3, AI score: 5.8, EPSS: 0.00051
Exploits: 0, References: 2

Vulnrichment
added 2025/09/15 9:17 p.m., 1 views

CVE-2025-6999 WatchGuard Firebox Authentication Portal Request Smuggling Vulnerability

An HTTP Request Smuggling (CWE-444) vulnerability in the Authentication portal of WatchGuard Fireware OS allows a remote attacker to evade request parameter sanitation and perform a reflected self-Cross-Site Scripting (XSS) attack. This issue affects Fireware OS: from 12.0 through 12.11.2...

CVSS: 6.9, AI score: 6.1, EPSS: 0.00181
Exploits: 0, References: 1

Tenable Nessus
added 2025/09/10 12:0 a.m., 1 views

Linux Distros Unpatched Vulnerability : CVE-2024-43417

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GLPI is a free asset and IT management software package. An unauthenticated user can provide a malicious link to a GLPI technician in order to exploit a reflect...

CVSS: 6.5, AI score: 4.9, EPSS: 0.01514
Exploits: 0, References: 2

Tenable Nessus
added 2025/09/10 12:0 a.m., 2 views

Linux Distros Unpatched Vulnerability : CVE-2021-32478

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The redirect URI in the LTI authorization endpoint required extra sanitizing to prevent reflected XSS and open redirect risks. Moodle versions 3.10 to 3.10.3, 3...

CVSS: 6.1, AI score: 6.8, EPSS: 0.03402
Exploits: 0, References: 2

Tenable Nessus
added 2025/09/10 12:0 a.m., 3 views

Linux Distros Unpatched Vulnerability : CVE-2025-21627

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GLPI is a free asset and IT management software package. In versions prior to 10.0.18, a malicious link can be crafted to perform a reflected XSS attack on the...

CVSS: 6.5, AI score: 4.8, EPSS: 0.0051
Exploits: 0, References: 2

Tenable Nessus
added 2025/09/10 12:0 a.m., 3 views

Linux Distros Unpatched Vulnerability : CVE-2020-14320

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Moodle before 3.9.1, 3.8.4 and 3.7.7, the filter in the admin task log required extra sanitizing to prevent a reflected XSS risk. CVE-2020-14320 Note that...

CVSS: 6.1, AI score: 6.4, EPSS: 0.00753
Exploits: 0, References: 2

Veracode
added 2025/09/09 9:58 a.m., 4 views

Reflected Cross-Site Scripting (Reflected XSS)

com.liferay, com.liferay.expando.web are vulnerable to reflected cross-site scripting (XSS). The vulnerability is due to improper input validation of the comliferayexpandowebportletExpandoPortletdisplayType parameter, which allows an attacker to inject and execute arbitrary JavaScript code in a...

CVSS: 5.4, AI score: 6.7, EPSS: 0.00044
Exploits: 0, References: 5, Affected Software: 1

CVE
added 2025/09/08 11:25 a.m., 7 views

CVE-2025-40642

CVE-2025-40642 is a reflected Cross-Site Scripting (XSS) vulnerability in WebWork exploited via the q and engine parameters in /search. Affected software is WebWork; the vulnerability stems from improper handling of user-supplied input in the search query, enabling remote code execution in the co...

CVSS: 5.1, AI score: 6.2, EPSS: 0.00738
Exploits: 0, References: 1

RedhatCVE
added 2025/09/07 2:32 p.m., 1 views

CVE-2025-58845

Cross-Site Request Forgery (CSRF) vulnerability in ChrisHurst Bulk Watermark bulk-watermark allows Reflected XSS. This issue affects Bulk Watermark: from n/a through <= 1.6.10...

CVSS: 7.1, AI score: 5.9, EPSS: 0.00025
Exploits: 0, References: 1

RedhatCVE
added 2025/09/07 2:32 p.m., 1 views

CVE-2025-58848

Cross-Site Request Forgery (CSRF) vulnerability in aakash1911 WP likes wp-likes allows Reflected XSS. This issue affects WP likes: from n/a through <= 3.1.1...

CVSS: 7.1, AI score: 5.9, EPSS: 0.00025
Exploits: 0, References: 1

NVD
added 2025/09/05 2:16 p.m., 4 views

CVE-2025-8695

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Netcad NetGIS Server allows Reflected XSS. This issue affects NetGIS Server: from 5.2.4 through 22.08.2025...

CVSS: 5.4, EPSS: 0.00049
Exploits: 0, References: 2

NVD
added 2025/09/05 2:15 p.m., 1 views

CVE-2025-58854

Cross-Site Request Forgery (CSRF) vulnerability in Samer Bechara Ultimate AJAX Login ultimate-ajax-login allows Reflected XSS. This issue affects Ultimate AJAX Login: from n/a through <= 1.2.1...

CVSS: 7.1, EPSS: 0.00025
Exploits: 0, References: 1

CVE
added 2025/09/05 1:45 p.m., 14 views

CVE-2025-58855

CVE-2025-58855 affects AP HoneyPot WordPress Plugin (Versions up to 1.4). Public records describe an improper neutralization of formula elements in a CSV file leading to reflected XSS, and related sources also flag a CSRF vulnerability in the plugin’s CSRF handling. The combination implies an imp...

CVSS: 7.1, AI score: 5.9, EPSS: 0.00047
Exploits: 0, References: 1

CVE
added 2025/09/05 1:45 p.m., 10 views

CVE-2025-58854

CVE-2025-58854 affects WordPress plugin Ultimate AJAX Login (versions n/a–1.2.1). The vulnerability is CSRF that enables a Reflected XSS, with CVSS 3.1 base score 7.1 (HIGH; UI: Required, AV:N, AC:L, PR:N; scope CHANGED; C/L/A/L factors). Exploitation context indicates that user interaction is re...

CVSS: 7.1, AI score: 5.9, EPSS: 0.00025
Exploits: 0, References: 1

Vulnrichment
added 2025/09/05 1:45 p.m., 3 views

CVE-2025-58854 WordPress Ultimate AJAX Login Plugin <= 1.2.1 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Samer Bechara Ultimate AJAX Login ultimate-ajax-login allows Reflected XSS. This issue affects Ultimate AJAX Login: from n/a through <= 1.2.1...

CVSS: 7.1, AI score: 5.9, EPSS: 0.00025
Exploits: 0, References: 1

Cvelist
added 2025/09/05 1:45 p.m., 7 views

CVE-2025-58848 WordPress WP likes Plugin <= 3.1.1 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in aakash1911 WP likes wp-likes allows Reflected XSS. This issue affects WP likes: from n/a through <= 3.1.1...

CVSS: 7.1, EPSS: 0.00025
Exploits: 0, References: 1

CVE
added 2025/09/05 1:45 p.m., 8 views

CVE-2025-58848

CVE-2025-58848 concerns WordPress plugin WP Likes (versions up to 3.1.1). The vulnerability is a CSRF issue that also enables reflected XSS when exploited, as described in multiple sources. Affected software: WP Likes

CVSS: 7.1, AI score: 5.9, EPSS: 0.00025
Exploits: 0, References: 1

Vulnrichment
added 2025/09/05 1:45 p.m., 2 views

CVE-2025-58845 WordPress Bulk Watermark Plugin <= 1.6.10 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in ChrisHurst Bulk Watermark bulk-watermark allows Reflected XSS. This issue affects Bulk Watermark: from n/a through <= 1.6.10...

CVSS: 7.1, AI score: 5.9, EPSS: 0.00025
Exploits: 0, References: 1