Lucene search
K

37 matches found

Vulnrichment
Vulnrichment
added 2025/10/16 5:55 p.m.3 views

CVE-2025-34512 Ilevia EVE X1 Server 4.7.18.0.eden Reflected XSS

Ilevia EVE X1 Server firmware versions ≤ 4.7.18.0.eden contain a reflected cross-site scripting XSS vulnerability in index.php that allows an unauthenticated attacker to execute arbitrary script in the victim's browser. Ilevia has declined to service this vulnerability, and recommends that...

5.1CVSS5.9AI score0.0038EPSS
Exploits3References3
NVD
NVD
added 2025/10/13 10:15 p.m.8 views

CVE-2025-62358

WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. Prior to 3.5.1, the log parameter in configuracaogeral.php is vulnerable to Reflected Cross-Site Scripting XSS. An attacker can inject arbitrary JavaScript, which executes in the victim’s browser. This...

6.1CVSS0.00239EPSS
Exploits1References2
OSV
OSV
added 2025/02/26 1:15 p.m.5 views

CVE-2024-13633

The Simple catalogue WordPress plugin through 1.0.2 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

7.1CVSS5.8AI score0.00352EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2025/02/14 12:0 a.m.7 views

PT-2025-7014 · Unknown · Notfound Coronavirus (Covid-19) Outbreak Data Widgets

Name of the Vulnerable Software and Affected Versions: NotFound Coronavirus COVID-19 Outbreak Data Widgets versions 1.1.1 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, allowing Reflected XSS. This...

7.1CVSS9AI score0.00241EPSS
Exploits0References4
Patchstack
Patchstack
added 2025/01/16 6:42 p.m.4 views

WordPress Legal + Plugin <= 1.0 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by 0xd4rk5id3 in WordPress Plugin Legal + versions = 1.0...

7.1CVSS6.1AI score0.00241EPSS
Exploits0Affected Software1
Positive Technologies
Positive Technologies
added 2024/12/24 12:0 a.m.5 views

PT-2024-17579 · WordPress · Export Customers Data Plugin For Wordpress

Name of the Vulnerable Software and Affected Versions: Export Customers Data plugin for WordPress versions up to, and including, 1.2.3 Description: The issue is related to Reflected Cross-Site Scripting via the t parameter due to insufficient input sanitization and output escaping. This allows...

6.1CVSS8.7AI score0.00285EPSS
Exploits0References6
Patchstack
Patchstack
added 2024/12/02 11:55 p.m.6 views

WordPress Campaign Monitor Forms by Optin Cat plugin <= 2.5.7 - Reflected Cross-Site Scripting vulnerability

Reflected Cross-Site Scripting vulnerability discovered by vgo0 in WordPress Plugin Campaign Monitor Forms versions = 2.5.7...

6.1CVSS6.3AI score0.00344EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2024/09/15 8:15 a.m.7 views

CVE-2024-45458

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Spiffy Plugins Spiffy Calendar allows Reflected XSS.This issue affects Spiffy Calendar: from n/a through 4.9.13...

6.1CVSS5.8AI score0.00293EPSS
Exploits0References1
OSV
OSV
added 2024/08/28 12:15 p.m.6 views

CVE-2024-6450

HyperView Geoportal Toolkit in versions lower than 8.5.0 is vulnerable to Reflected Cross-Site Scripting XSS. An unauthenticated attacker might trick somebody into using a crafted URL, which will cause a script to be run in user's browser...

6.1CVSS5.8AI score0.0035EPSS
Exploits0References2
OSV
OSV
added 2024/08/20 2:15 p.m.3 views

CVE-2024-6379

A reflected Cross-site Scripting XSS vulnerability affecting 3DSwymer from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in user's browser session...

6.1CVSS6AI score0.00226EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2022/11/17 12:0 a.m.7 views

PT-2022-23327 · WordPress · Ultimate Tables

Name of the Vulnerable Software and Affected Versions: ULTIMATE TABLES plugin versions = 1.6.5 Description: The issue is related to an Unauth. Reflected Cross-Site Scripting XSS vulnerability. This vulnerability affects the ULTIMATE TABLES plugin on WordPress, allowing for reflected cross-site...

6.1CVSS5.9AI score0.00406EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2022/10/25 6:0 p.m.3 views

CVE-2022-27913

An issue was discovered in Joomla! 4.2.0 through 4.2.3. Inadequate filtering of potentially malicious user input leads to reflected XSS vulnerabilities in various components...

6.1CVSS6.3AI score0.00359EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2022/06/08 10:15 a.m.5 views

CVE-2022-1597

The WPQA Builder WordPress plugin before 5.4, used as a companion for the Discy and Himer , does not sanitise and escape a parameter on its reset password form which makes it possible to perform Reflected Cross-Site Scripting attacks...

6.1CVSS6.4AI score0.0291EPSS
Exploits2References3
OSV
OSV
added 2022/03/28 6:15 p.m.5 views

CVE-2022-0647

The Bulk Creator WordPress plugin through 1.0.1 does not sanitize and escape the posttype parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting...

6.1CVSS5.8AI score0.00788EPSS
Exploits2References1
ATTACKERKB
ATTACKERKB
added 2022/03/09 7:0 a.m.8 views

CVE-2022-22511

Various configuration pages of the device are vulnerable to reflected XSS Cross-Site Scripting attacks. An authorized attacker with user privileges may use this to gain access to confidential information on a PC that connects to the WBM after it has been compromised...

5.4CVSS6AI score0.00553EPSS
Exploits0References2
OSV
OSV
added 2021/01/07 1:15 p.m.2 views

CVE-2020-24900

The default installation of Krpano Panorama Viewer version =1.20.8 is prone to Reflected XSS due to insecure XML load in file /viewer/krpano.html, parameter xml...

6.1CVSS6.4AI score0.00858EPSS
Exploits1References1
CNVD
CNVD
added 2017/08/02 12:0 a.m.3 views

Multiple vulnerabilities in phpcms V9 front and backend

PHPCMS is a web content management system based on PHP and Mysql architecture. PHPCMS V9.6.3 backend has a reflective XSS and SQL injection vulnerability that can bypass the CSRF defense and upload any script file under certain conditions...

7.8AI score
Exploits0
Rows per page
Query Builder