CVE-2025-61456

A Cross-Site Scripting XSS vulnerability exists in Bhabishya-123 E-commerce 1.0, specifically within the index endpoint. Unsanitized input in the /index parameter is directly reflected back into the response HTML, allowing attackers to execute arbitrary JavaScript in the browser of a user who...

CVE-2025-61456

A Cross-Site Scripting XSS vulnerability exists in Bhabishya-123 E-commerce 1.0, specifically within the index endpoint. Unsanitized input in the /index parameter is directly reflected back into the response HTML, allowing attackers to execute arbitrary JavaScript in the browser of a user who...

CVE-2025-61454

A Cross-Site Scripting XSS vulnerability exists in Bhabishya-123 E-commerce 1.0, specifically within the search endpoint. Unsanitized input in the /search parameter is directly reflected back into the response HTML, allowing attackers to execute arbitrary JavaScript in the browser of a user who...

EUVD-2020-7369

Malware in sbrugna...

EUVD-2025-28328

Malicious code in bioql PyPI...

EUVD-2025-32189

Malicious code in bioql PyPI...

CVE-2025-9823 Reflected XSS in lead:addLeadTags - Quick Add

SummaryA Cross-Site Scripting XSS vulnerability allows an attacker to execute arbitrary JavaScript in the context of another user’s session. This occurs because user-supplied input is reflected back in the server’s response without proper sanitization or escaping, potentially enabling malicious...

CVE-2025-52788 WordPress CaptionPix <= 1.8 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Russell Jamieson CaptionPix captionpix allows Reflected XSS.This issue affects CaptionPix: from n/a through = 1.8...

CVE-2024-12915

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Devinim Software Library Software allows Reflected XSS. This issue affects Library Software: before 24.11.02...

HTTP_Request2 安全漏洞

HTTPRequest2 is a PEAR open source that provides an easy way to perform HTTP requests and does not require the curl extension. A security vulnerability exists in HTTPRequest2 versions prior to 2.7.0 that originates from multiple files in the test directory reflecting GET or POST parameters, which...

CVE-2025-32923

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in GoodLayers Tourmaster tourmaster allows Reflected XSS.This issue affects Tourmaster: from n/a through 5.4.1...

CVE-2025-28877 WordPress Key4ce osTicket Bridge plugin <= 1.4.0 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in m.tiggelaar Key4ce osTicket Bridge key4ce-osticket-bridge allows Reflected XSS.This issue affects Key4ce osTicket Bridge: from n/a through = 1.4.0...

CVE-2025-2482

The Gotcha | Gesture-based Captcha plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'menu' parameter in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

WordPress plugin Pollin 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site...

CVE-2025-23628

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in NewMediaOne GeoDigs geodigs allows Reflected XSS.This issue affects GeoDigs: from n/a through = 3.4.1...

CVE-2025-23545

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Navnish Bhardwaj WP Social Broadcast wp-social-broadcast allows Reflected XSS.This issue affects WP Social Broadcast: from n/a through = 1.0.0...

CVE-2024-44009

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in WC Lovers WCFM Marketplace allows Reflected XSS.This issue affects WCFM Marketplace: from n/a through 3.6.10...

CVE-2024-38380

This vulnerability occurs when user-supplied input is improperly sanitized and then reflected back to the user's browser, allowing an attacker to execute arbitrary JavaScript in the context of the victim's browser session...

CVE-2024-43276

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Svetoslav Marinov Slavi Child Theme Creator allows Reflected XSS.This issue affects Child Theme Creator: from n/a through 1.5.4...

PT-2024-25393 · Piotnet · Piotnet Addons For Elementor

Name of the Vulnerable Software and Affected Versions: Piotnet Addons For Elementor Pro versions through 7.1.17 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting. This allows for Reflected XSS. Recommendations: For...