
935 matches found

NVD
added 2025/08/21 5:15 p.m., 6 views

CVE-2025-57764

WeGIA is a Web manager for charitable institutions. Prior to 3.4.7, a Reflected Cross-Site Scripting (XSS) vulnerability was identified in the cargos.php endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts in the msge parameter. This vulnerability is...

CVSS 8.2, EPSS 0.00076
Exploits 1, References 2
NVD
added 2025/08/21 5:15 p.m., 4 views

CVE-2025-57765

WeGIA is a Web manager for charitable institutions. Prior to 3.4.7, a Reflected Cross-Site Scripting (XSS) vulnerability was identified in the precadastroadotante.php endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts in the msge parameter. This...

CVSS 8.2, EPSS 0.00076
Exploits 1, References 2
Vulnrichment
added 2025/08/21 4:59 p.m., 4 views

CVE-2025-57763 Cross-Site Scripting (XSS) Reflected in 'insere_despacho.php' parameter 'sccs'

WeGIA is a Web manager for charitable institutions. Prior to 3.4.7, there is a Reflected Cross-Site Scripting (XSS) vulnerability in the insere_despacho.php endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts in the cpf sccs. This vulnerability is fixed...

CVSS 6.4, AI score 5.8, EPSS 0.00064
Exploits 1, References 1
Cvelist
added 2025/08/20 7:13 p.m., 5 views

CVE-2025-43757

A reflected cross-site scripting (XSS) vulnerability in the Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q2.0 through 2025.Q2.2, 2025.Q1.0 through 2025.Q1.14, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.1 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.18 and 7....

CVSS 4.8, EPSS 0.00041
Exploits 0, References 1
Cvelist
added 2025/08/20 12:53 p.m., 5 views

CVE-2025-54175 Reflected Cross-Site Scripting in QuickCMS.EXT

QuickCMS.EXT is vulnerable to Reflected XSS in sFileName parameter in thumbnail viewer functionality. An attacker can craft a malicious URL that results in arbitrary JavaScript execution in the victim's browser when opened. The vendor was notified early about this vulnerability, but didn't respon...

CVSS 4.6, EPSS 0.00075
Exploits 0, References 2
NVD
added 2025/08/20 8:15 a.m., 5 views

CVE-2025-54056

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup Responsive HTML5 Audio Player PRO With Playlist lbg-audio2-html5 allows Reflected XSS. This issue affects Responsive HTML5 Audio Player PRO With Playlist: from n/a through <= 3.5.8...

CVSS 7.1, EPSS 0.00051
Exploits 0, References 1
NVD
added 2025/08/20 8:15 a.m., 1 views

CVE-2025-48296

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in skygroup UpStore upstore allows Reflected XSS. This issue affects UpStore: from n/a through <= 1.7.0...

CVSS 7.1, EPSS 0.00051
Exploits 0, References 1
NVD
added 2025/08/20 8:15 a.m., 1 views

CVE-2025-48159

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup Youtube Vimeo Video Player and Slider WP Plugin video-player-youtube-vimeo allows Reflected XSS. This issue affects Youtube Vimeo Video Player and Slider WP Plugin: from n/a through <= 3...

CVSS 7.1, EPSS 0.00051
Exploits 0, References 1
Vulnrichment
added 2025/08/18 6:42 a.m., 3 views

CVE-2025-57702 Reflected Cross-site Scripting in DIAEnergie

DIAEnergie - Reflected Cross-site Scripting...

CVSS 5.9, AI score 6.8, EPSS 0.0005
Exploits 0, References 1
Tenable Nessus
added 2025/08/18 12:0 a.m., 1 views

Linux Distros Unpatched Vulnerability : CVE-2019-10179

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability was found in all pki-core 10.x.x versions, where the Key Recovery Authority (KRA) Agent Service did not properly sanitize recovery request search...

CVSS 6.1, AI score 6.7, EPSS 0.00451
Exploits 0, References 2
CVE
added 2025/08/16 6:0 a.m., 18 views

CVE-2025-8113

CVE-2025-8113 affects the Ebook Store WordPress plugin (versions before 5.8015). The issue is a Reflected Cross-Site Scripting vulnerability where the plugin does not escape the $_SERVER['REQUEST_URI'] when outputting it into an HTML attribute, enabling a crafted URL to inject scripts in vulnerab...

CVSS 6.1, AI score 5.9, EPSS 0.00064
Exploits 1, References 1, Affected Software 1
RedhatCVE
added 2025/08/14 7:30 p.m., 2 views

CVE-2025-43734

A reflected cross-site scripting (XSS) vulnerability in the Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.10, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.1 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.16 and 7.4 GA through update 92 allows...

CVSS 5.1, AI score 5.7, EPSS 0.00048
Exploits 0, References 1
Cvelist
added 2025/08/14 6:21 p.m., 10 views

CVE-2025-53575 WordPress Primer MyData for Woocommerce Plugin <= 4.2.5 - Cross Site Request Forgery (CSRF) Vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in primersoftware Primer MyData for Woocommerce primer-mydata allows Reflected XSS. This issue affects Primer MyData for Woocommerce: from n/a through <= 4.2.5...

CVSS 7.1, EPSS 0.00051
Exploits 0, References 1
NVD
added 2025/08/14 11:15 a.m., 3 views

CVE-2025-49038

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Soflyy WP Dynamic Links wp-dynamic-links allows Reflected XSS. This issue affects WP Dynamic Links: from n/a through <= 1.0.1...

CVSS 7.1, EPSS 0.00051
Exploits 0, References 1
Vulnrichment
added 2025/08/14 10:34 a.m., 2 views

CVE-2025-54683 WordPress WP Modal Popup with Cookie Integration Plugin plugin <= 2.4 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Astoundify WP Modal Popup with Cookie Integration allows Reflected XSS. This issue affects WP Modal Popup with Cookie Integration: from n/a through 2.4...

CVSS 5.9, AI score 7.2, EPSS 0.00047
Exploits 0, References 1
CVE
added 2025/08/14 10:34 a.m., 12 views

CVE-2025-49056

CVE-2025-49056 affects the WordPress plugin 多说社会化评论框 (versions n/a through 1.2). The vulnerability is a Reflected Cross-Site Scripting (XSS) caused by improper neutralization of input during web page generation. The CVSS v3.1 vector is AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L with a base score of 7.1 ...

CVSS 7.1, AI score 5.9, EPSS 0.00051
Exploits 0, References 1
Vulnrichment
added 2025/08/14 6:0 a.m., 2 views

CVE-2025-8046 Injection Guard < 1.2.8 - Reflected XSS via $_SERVER['REQUEST_URI']

The Injection Guard WordPress plugin before 1.2.8 does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers...

AI score 6.8, EPSS 0.00066
Exploits 1, References 1
CNNVD
added 2025/08/14 12:0 a.m., 1 views

WordPress plugin 多说社会化评论框 cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripti...

CVSS 7.1, AI score 4.3, EPSS 0.00051
Exploits 0, References 1
Snyk
added 2025/07/26 12:30 a.m., 2 views

Prototype Pollution

Overview org.webjars.npm:linkifyjs is a Find URLs, email addresses, hashtags and @mentions in plain-text strings, then convert them into HTML links. Affected versions of this package are vulnerable to Prototype Pollution via the internal assign helper due to improper filtering of the proto...

CVSS 8.8, AI score 6.5, EPSS 0.00671
Exploits 0, References 2
ATTACKERKB
added 2025/07/22 11:31 a.m., 3 views

CVE-2025-4284

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Rolantis Information Technologies Agentis allows Reflected XSS, DOM-Based XSS. This issue affects Agentis: before 4.32...

CVSS 6.1, AI score 5.4, EPSS 0.00167
Exploits 0, References 3