CVE-2025-54055 WordPress Druco <= 1.5.2 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in skygroup Druco druco allows Reflected XSS.This issue affects Druco: from n/a through = 1.5.2...

PT-2025-33979 · Unknown · Raptive Ads

Name of the Vulnerable Software and Affected Versions: Raptive Ads versions through 3.8.0 Description: Raptive Ads is susceptible to a reflected cross-site scripting XSS issue due to improper neutralization of input during web page generation. Recommendations: Update Raptive Ads to a version late...

CVE-2025-47689

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in johnh10 Video Blogster Lite video-blogster-lite allows Reflected XSS.This issue affects Video Blogster Lite: from n/a through = 1.2...

CVE-2025-31007

CVE-2025-31007 is a Reflected XSS in the Billplz Addon for Contact Form 7 (WordPress). The vulnerability arises from improper input neutralization during web page generation, allowing arbitrary script execution when a user is tricked into submitting crafted input. Affected software: Billplz Addon...

CVE-2025-50927

CVE-2025-50927 concerns EHCP v20.04.1.b where the List All FTP User Function is vulnerable to reflected XSS via the ftpusername parameter. Authenticated attackers can inject JavaScript, potentially enabling session hijacking or redirection to malicious sites. Public writeups describe the vulnerab...

CVE-2025-40686

Reflected Cross-Site Scripting XSS in Human Resource Management System version 1.0. This vulnerability could allow an attacker to execute JavaScript code in the victim's browser by sending a malicious URL through the 'employeeid' parameter in/detailview.php...

📄 Invision Community 5.0.7 Cross Site Scripting

Invision Community versions 5.0.7 and below have an issue where user input passed through the state POST parameter to the /oauth/callback/index.php script is not properly sanitized before being used to generate HTML output. This can be exploited by attackers to perform reflected cross site...

WordPress plugin Tennis Court Bookings 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting vulnerability...

CVE-2024-43334 WordPress Zilom theme < 1.4.5 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in gavias Zilom zilom allows Reflected XSS.This issue affects Zilom: from n/a through 1.4.5...

Ricoh Streamline NX Client Tool 跨站脚本漏洞

Ricoh Streamline NX Client Tool is a scalable document management application and tool from Ricoh Japan. A cross-site scripting vulnerability exists in Ricoh Streamline NX Client Tool, which stems from unvalidated specific parameters in the SLNX help documentation and could lead to a reflected...

WordPress plugin CSS3 Vertical Web Pricing Tables 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in...

WordPress plugin Flexo Counter 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

CVE-2025-48145 WordPress Track, Analyze & Optimize by WP Tao plugin <= 1.3 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Michal Jaworski Track, Analyze & Optimize by WP Tao wp-tao allows Reflected XSS.This issue affects Track, Analyze & Optimize by WP Tao: from n/a through = 1.3...

WordPress plugin eForm - WordPress Form Builder 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

WordPress plugin Universal Video Player 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...

WordPress plugin Wishlist 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

CVE-2024-6177

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in LG Electronics SuperSign CMS allows Reflected XSS. This issue affects SuperSign CMS: from 4.1.3 before 4.3.1...

CVE-2024-8850

The MC4WP: Mailchimp for WordPress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'email' parameter when a placeholder such as email is used for the field in versions 4.9.9 to 4.9.16 due to insufficient input sanitization and output escaping. This makes it possible f...

CVE-2024-35280

A improper neutralization of input during web page generation 'cross-site scripting' vulnerability in Fortinet FortiDeceptor 5.3.0, FortiDeceptor 5.2.0, FortiDeceptor 5.1 all versions, FortiDeceptor 5.0 all versions, FortiDeceptor 4.3 all versions, FortiDeceptor 4.2 all versions, FortiDeceptor 4....

CVE-2023-52213

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in VideoWhisper Rate Star Review – AJAX Reviews for Content, with Star Ratings allows Reflected XSS.This issue affects Rate Star Review – AJAX Reviews for Content, with Star Ratings: from n/a through...