
932 matches found

Positive Technologies
added 2024/03/15 12:0 a.m. · 3 views

PT-2024-21728 · Unknown · Configure Smtp

Name of the Vulnerable Software and Affected Versions: Configure SMTP versions n/a through 3.1
Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows Reflected XSS. This means an attacker can inject...

CVSS 7.1 · AI score 9 · EPSS 0.00084
Exploits 0 · References 6

OSV
added 2024/03/05 2:15 a.m. · 3 views

CVE-2024-1782

The Blue Triad EZAnalytics plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'btwebid' parameter in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrar...

CVSS 6.1 · AI score 6 · EPSS 0.01184
Exploits 0 · References 2

Positive Technologies
added 2024/02/27 12:0 a.m. · 3 views

PT-2024-21392 · Zhimengzhe · Ibarn

Name of the Vulnerable Software and Affected Versions: zhimengzhe iBarn version 1.5
Description: A reflected cross-site scripting (XSS) vulnerability allows attackers to inject malicious JavaScript into the web browser of a victim via the search parameter in "offer.php". This issue enables attacker...

CVSS 5.4 · AI score 5.4 · EPSS 0.0021
Exploits 0 · References 6

Positive Technologies
added 2024/02/20 12:0 a.m. · 1 views

PT-2024-15124 · WordPress · Matomo Analytics

Name of the Vulnerable Software and Affected Versions: Matomo Analytics – Ethical Stats. Powerful Insights. plugin for WordPress versions up to, and including, 4.15.3
Description: The issue is related to Reflected Cross-Site Scripting due to insufficient input sanitization and output escaping. Th...

CVSS 6.1 · AI score 8.6 · EPSS 0.03108
Exploits 0 · References 7

OSV
added 2024/02/14 6:15 p.m. · 3 views

CVE-2024-0010

A reflected cross-site scripting (XSS) vulnerability in the GlobalProtect portal feature of Palo Alto Networks PAN-OS software enables execution of malicious JavaScript in the context of a user’s browser if a user clicks on a malicious link, allowing phishing attacks that could lead to credential...

CVSS 6.1 · AI score 5.8 · EPSS 0.03608
Exploits 0 · References 1

ATTACKERKB
added 2024/02/02 1:15 p.m. · 3 views

CVE-2023-6673

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in National Keep Cyber Security Services CyberMath allows Reflected XSS. This issue affects CyberMath: from v.1.4 before v.1.5...

CVSS 6.1 · AI score 6.4 · EPSS 0.00181
Exploits 0 · References 3 · Affected Software 1

OSV
added 2024/01/31 5:15 p.m. · 0 views

CVE-2024-22307

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Lab WP-Lister Lite for eBay allows Reflected XSS. This issue affects WP-Lister Lite for eBay: from n/a through 3.5.7...

CVSS 6.1 · AI score 7.3
Exploits 0 · References 1

OSV
added 2024/01/29 3:15 p.m. · 2 views

CVE-2023-6278

The Biteship: Plugin Ongkos Kirim Kurir Instant, Reguler, Kargo WordPress plugin before 2.2.25 does not sanitise and escape the biteshiperror and biteshipmessage parameters before outputting them back in the page, leading to a Reflected Cross-Site Scripting which could be used against high...

CVSS 6.1 · AI score 5.8 · EPSS 0.00098
Exploits 2 · References 1

OSV
added 2024/01/16 4:15 p.m. · 1 views

CVE-2023-0769

The hiWeb Migration Simple WordPress plugin through 2.0.0.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high-privilege users such as admins...

CVSS 6.1 · AI score 6.8 · EPSS 0.00261
Exploits 2 · References 1

OSV
added 2024/01/15 4:15 p.m. · 1 views

CVE-2023-6050

The Estatik Real Estate Plugin WordPress plugin before 4.1.1 does not sanitise and escape various parameters and generated URLs before outputting them back in attributes, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

CVSS 6.1 · AI score 5.8 · EPSS 0.00108
Exploits 2 · References 1

OSV
added 2024/01/11 9:15 a.m. · 1 views

CVE-2023-6882

The Simple Membership plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘environmentmode’ parameter in all versions up to, and including, 4.3.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

CVSS 6.1 · AI score 7.4
Exploits 0 · References 2

OSV
added 2024/01/11 9:15 a.m. · 1 views

CVE-2023-6632

The Happy Addons for Elementor plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via DOM in all versions up to and including 3.9.1.1 (versions up to 2.9.1.1 in Happy Addons for Elementor Pro) due to insufficient input sanitization and output escaping. This makes it possible for...

CVSS 6.1 · AI score 7.4
Exploits 0 · References 3

OSV
added 2024/01/08 7:15 p.m. · 0 views

CVE-2023-6555

The Email Subscription Popup WordPress plugin before 1.2.20 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

CVSS 6.1 · AI score 5.8 · EPSS 0.00373
Exploits 2 · References 1

OSV
added 2024/01/08 7:15 p.m. · 1 views

CVE-2023-6161

The WP Crowdfunding WordPress plugin before 2.1.9 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

CVSS 6.1 · AI score 6.3 · EPSS 0.0028
Exploits 2 · References 1

ATTACKERKB
added 2023/12/25 6:15 a.m. · 3 views

CVE-2022-43675

An issue was discovered in NOKIA NFM-T R19.9. Reflected XSS in the Network Element Manager exists via /oms1350/pages/otn/cpbLogDisplay via the filename parameter, under /oms1350/pages/otn/connection/E2ERoutingDisplayWithOverLay via the id parameter, and under /oms1350/pages/otn/mainOtn via all...

CVSS 6.1 · AI score 5.8 · EPSS 0.00098
Exploits 1 · References 2

OSV
added 2023/12/21 2:15 p.m. · 1 views

CVE-2023-6122

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in İstanbul Soft Informatics and Consultancy Limited Company Softomi Gelişmiş C2C Pazaryeri Yazılımı allows Reflected XSS. This issue affects Softomi Gelişmiş C2C Pazaryeri Yazılımı: before 12122023...

CVSS 6.1 · AI score 5.8 · EPSS 0.00237
Exploits 0 · References 1

OSV
added 2023/12/15 11:15 a.m. · 1 views

CVE-2023-48455

Adobe Experience Manager versions 6.5.18 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the...

CVSS 5.4 · AI score 5.7
Exploits 0 · References 1

OSV
added 2023/12/15 11:15 a.m. · 1 views

CVE-2023-48443

Adobe Experience Manager versions 6.5.18 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the...

CVSS 5.4 · AI score 5.7 · EPSS 0.00205
Exploits 0 · References 1

Positive Technologies
added 2023/12/12 12:0 a.m. · 2 views

PT-2023-30510 · Relyum · Rely-Rec +1

Name of the Vulnerable Software and Affected Versions: RELY-PCIe version 22.2.1 RELY-REC version 23.1.0
Description: An issue was discovered in the Relyum devices, where the web interfaces are susceptible to reflected XSS.
Recommendations: For RELY-PCIe version 22.2.1, consider disabling access t...

CVSS 6.1 · AI score 6.2 · EPSS 0.00251
Exploits 0 · References 5

ATTACKERKB
added 2023/12/10 7:15 p.m. · 2 views

CVE-2022-48614

Special:Ask in Semantic MediaWiki before 4.0.2 allows Reflected XSS...

CVSS 6.1 · AI score 6.1 · EPSS 0.00148
Exploits 0 · References 3