Lucene search
K

85 matches found

RedhatCVE
RedhatCVE
added 2026/03/07 7:59 a.m.6 views

CVE-2026-2830

The WP All Import – Drag & Drop Import for CSV, XML, Excel & Google Sheets plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘filepath’ parameter in all versions up to, and including, 4.0.0 due to insufficient input sanitization and output escaping. This makes it possib...

6.1CVSS5.9AI score0.00215EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/02/27 7:45 p.m.6 views

CVE-2026-2678

Reflected Cross-Site Scripting XSS on the A3factura web platform, in parameter 'name', parameter 'name', in 'a3factura-app.wolterskluwer.es//incomes/customers' endpoint, which could allow an attacker to execute arbitrary code in the victim's browser...

6.1CVSS6.3AI score0.00164EPSS
Exploits0References1
OSV
OSV
added 2026/02/19 1:16 p.m.4 views

CVE-2019-25426

Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by submitting crafted input to the dnsmasq endpoint. Attackers can send POST requests with script payloads in the TRANSPARENTSOURCEBYPASS or...

5.1CVSS5.9AI score0.00369EPSS
Exploits1References4
NVD
NVD
added 2026/02/19 1:16 p.m.4 views

CVE-2019-25412

Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by submitting unsanitized input through the NTPSERVERLIST parameter. Attackers can send POST requests to the /korugan/time endpoint with script payloads in the...

6.1CVSS0.0033EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2026/02/19 4:36 a.m.3 views

CVE-2025-14452 WP Customer Reviews <= 3.7.5 - Reflected Cross-Site Scripting via 'wpcr3_fname' Parameter

The WP Customer Reviews plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'wpcr3fname' parameter in all versions up to, and including, 3.7.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

7.2CVSS5.8AI score0.00255EPSS
Exploits0References7
OSV
OSV
added 2026/02/18 10:16 p.m.7 views

CVE-2019-25396

IPFire 2.21 Core Update 127 contains a reflected cross-site scripting vulnerability in the updatexlrator.cgi script that allows attackers to inject malicious scripts through POST parameters. Attackers can submit crafted requests with script payloads in the MAXDISKUSAGE or MAXDOWNLOADRATE paramete...

6.1CVSS5.9AI score0.00242EPSS
Exploits1References4
CVE
CVE
added 2026/02/18 1:13 p.m.17 views

CVE-2026-1440

The CVE-2026-1440 entry concerns the Graylog Web Interface console (version 2.2.3) with a Reflected XSS flaw caused by insufficient sanitization/escaping of HTML output. Several endpoints include URL segments directly in responses without proper encoding, enabling an attacker to inject and execut...

6.1CVSS6.1AI score0.00189EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/02/18 1:13 p.m.24 views

CVE-2026-1438 Reflected Cross-Site Scripting (XSS) vulnerability in Graylog Web Interface

Reflected Cross-Site Scripting XSS vulnerability in the Graylog Web Interface console, version 2.2.3, caused by a lack of proper sanitization and escaping in HTML output. Several endpoints include segments of the URL directly in the response without applying output encoding, allowing an attacker ...

5.3CVSS0.00178EPSS
Exploits0References1
NVD
NVD
added 2026/02/18 7:16 a.m.8 views

CVE-2026-1666

The Download Manager plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'redirectto' parameter in all versions up to, and including, 3.3.46. This is due to insufficient input sanitization and output escaping on the 'redirectto' GET parameter in the login form shortcode...

6.1CVSS0.00264EPSS
Exploits0References5
CVE
CVE
added 2026/02/16 5:5 p.m.43 views

CVE-2019-25390

CVE-2019-25390 affects Smoothwall Express 3.1-SP4-polar-x86_64-update9. The vulnerability is a set of multiple reflected cross-site scripting flaws in the interfaces.cgi script, exploitable via posted parameters such as GREEN_ADDRESS, GREEN_NETMASK, RED_DHCP_HOSTNAME, RED_ADDRESS, DNS1_OVERRIDE, ...

6.1CVSS5.6AI score0.00199EPSS
Exploits1References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/02/15 12:0 a.m.8 views

PT-2026-8242

OPNsense 19.1 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by submitting crafted input through multiple parameters. Attackers can send POST requests to interfaces vlan edit.php with script payloads in the tag, descr, or vlanif parameter...

6.1CVSS5.5AI score0.00232EPSS
Exploits1References5
Vulnrichment
Vulnrichment
added 2026/02/14 6:42 a.m.3 views

CVE-2026-0753 Super Simple Contact Form <= 1.6.2 - Reflected Cross-Site Scripting via 'sscf_name' Parameter

The Super Simple Contact Form plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'sscfname' parameter in all versions up to, and including, 1.6.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

7.2CVSS5.7AI score0.00339EPSS
Exploits0References5
OSV
OSV
added 2026/01/30 11:16 p.m.10 views

PYSEC-2026-115

OpenCTI 3.3.1 is vulnerable to a reflected cross-site scripting XSS attack via the /graphql endpoint. An attacker can inject arbitrary JavaScript code by sending a crafted GET request with a malicious payload in the query string, leading to execution of JavaScript in the victim's browser. For...

6.1CVSS6AI score0.00345EPSS
Exploits1References4
ATTACKERKB
ATTACKERKB
added 2026/01/16 7:23 a.m.5 views

CVE-2025-14375

The RSS Aggregator – RSS Import, News Feeds, Feed to Post, and Autoblogging plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘className’ parameter in all versions up to, and including, 5.0.10 due to insufficient input sanitization and output escaping. This makes it...

6.1CVSS5.5AI score0.00172EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/01/09 8:48 a.m.9 views

CVE-2025-23469

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in sleekplan Sleekplan sleekplan allows Reflected XSS.This issue affects Sleekplan: from n/a through = 0.2.0...

7.1CVSS7.2AI score0.00149EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/12/31 12:0 a.m.5 views

PT-2025-54446

Name of the Vulnerable Software and Affected Versions Themefy Bloggie versions through 2.0.8 Description A Cross-Site Request Forgery CSRF issue exists in Themefy Bloggie, which also allows Reflected Cross-Site Scripting XSS. The vulnerability allows an attacker to potentially perform actions on...

7.1CVSS6AI score0.00091EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/12/31 12:0 a.m.6 views

PT-2025-54447

Name of the Vulnerable Software and Affected Versions ZoomSounds versions through 6.91 Description A flaw exists in ZoomSounds that allows for Reflected Cross-Site Scripting XSS. This issue occurs due to improper neutralization of input during web page generation. The vulnerability could...

7.1CVSS6AI score0.00149EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2025/12/20 3:20 a.m.4 views

CVE-2025-13624 Overstock Affiliate Links <= 1.1 - Reflected Cross-Site Scripting via $_SERVER['PHP_SELF']

The Overstock Affiliate Links plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the $SERVER'PHPSELF' parameter in all versions up to, and including, 1.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to injec...

6.1CVSS5.2AI score0.00215EPSS
Exploits0References4
NVD
NVD
added 2025/12/12 4:15 a.m.20 views

CVE-2025-14125

The Complag plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the $SERVER'PHPSELF' variable in all versions up to, and including, 1.0.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...

6.1CVSS0.00204EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/12/12 12:0 a.m.5 views

PT-2025-50900

The VikRentItems Flexible Rental Management System plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'delto' parameter in all versions up to, and including, 1.2.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated...

6.1CVSS5.6AI score0.00211EPSS
Exploits0References5
Rows per page
Query Builder