37 matches found
CVE-2025-34512 Ilevia EVE X1 Server 4.7.18.0.eden Reflected XSS
Ilevia EVE X1 Server firmware versions ≤ 4.7.18.0.eden contain a reflected cross-site scripting XSS vulnerability in index.php that allows an unauthenticated attacker to execute arbitrary script in the victim's browser. Ilevia has declined to service this vulnerability, and recommends that...
CVE-2025-62358
WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. Prior to 3.5.1, the log parameter in configuracaogeral.php is vulnerable to Reflected Cross-Site Scripting XSS. An attacker can inject arbitrary JavaScript, which executes in the victim’s browser. This...
CVE-2024-13633
The Simple catalogue WordPress plugin through 1.0.2 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
PT-2025-7014 · Unknown · Notfound Coronavirus (Covid-19) Outbreak Data Widgets
Name of the Vulnerable Software and Affected Versions: NotFound Coronavirus COVID-19 Outbreak Data Widgets versions 1.1.1 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, allowing Reflected XSS. This...
WordPress Legal + Plugin <= 1.0 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting XSS vulnerability discovered by 0xd4rk5id3 in WordPress Plugin Legal + versions = 1.0...
PT-2024-17579 · WordPress · Export Customers Data Plugin For Wordpress
Name of the Vulnerable Software and Affected Versions: Export Customers Data plugin for WordPress versions up to, and including, 1.2.3 Description: The issue is related to Reflected Cross-Site Scripting via the t parameter due to insufficient input sanitization and output escaping. This allows...
WordPress Campaign Monitor Forms by Optin Cat plugin <= 2.5.7 - Reflected Cross-Site Scripting vulnerability
Reflected Cross-Site Scripting vulnerability discovered by vgo0 in WordPress Plugin Campaign Monitor Forms versions = 2.5.7...
CVE-2024-45458
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Spiffy Plugins Spiffy Calendar allows Reflected XSS.This issue affects Spiffy Calendar: from n/a through 4.9.13...
CVE-2024-6450
HyperView Geoportal Toolkit in versions lower than 8.5.0 is vulnerable to Reflected Cross-Site Scripting XSS. An unauthenticated attacker might trick somebody into using a crafted URL, which will cause a script to be run in user's browser...
CVE-2024-6379
A reflected Cross-site Scripting XSS vulnerability affecting 3DSwymer from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in user's browser session...
PT-2022-23327 · WordPress · Ultimate Tables
Name of the Vulnerable Software and Affected Versions: ULTIMATE TABLES plugin versions = 1.6.5 Description: The issue is related to an Unauth. Reflected Cross-Site Scripting XSS vulnerability. This vulnerability affects the ULTIMATE TABLES plugin on WordPress, allowing for reflected cross-site...
CVE-2022-27913
An issue was discovered in Joomla! 4.2.0 through 4.2.3. Inadequate filtering of potentially malicious user input leads to reflected XSS vulnerabilities in various components...
CVE-2022-1597
The WPQA Builder WordPress plugin before 5.4, used as a companion for the Discy and Himer , does not sanitise and escape a parameter on its reset password form which makes it possible to perform Reflected Cross-Site Scripting attacks...
CVE-2022-0647
The Bulk Creator WordPress plugin through 1.0.1 does not sanitize and escape the posttype parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting...
CVE-2022-22511
Various configuration pages of the device are vulnerable to reflected XSS Cross-Site Scripting attacks. An authorized attacker with user privileges may use this to gain access to confidential information on a PC that connects to the WBM after it has been compromised...
CVE-2020-24900
The default installation of Krpano Panorama Viewer version =1.20.8 is prone to Reflected XSS due to insecure XML load in file /viewer/krpano.html, parameter xml...
Multiple vulnerabilities in phpcms V9 front and backend
PHPCMS is a web content management system based on PHP and Mysql architecture. PHPCMS V9.6.3 backend has a reflective XSS and SQL injection vulnerability that can bypass the CSRF defense and upload any script file under certain conditions...