Lucene search
K

84 matches found

NVD
NVD
added 2025/12/06 6:15 a.m.5 views

CVE-2025-13894

The CSV Sumotto plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the $SERVER'PHPSELF' variable in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...

6.1CVSS0.00175EPSS
Exploits0References2
NVD
NVD
added 2025/12/06 6:15 a.m.5 views

CVE-2025-13626

The myLCO plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the $SERVER'PHPSELF' parameter in all versions up to, and including, 0.8.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...

6.1CVSS0.00219EPSS
Exploits0References4
EUVD
EUVD
added 2025/12/04 5:24 a.m.4 views

EUVD-2025-201142

The Clik stats plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the $SERVER'PHPSELF' parameter in all versions up to, and including, 0.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...

6.1CVSS5.2AI score0.00212EPSS
Exploits0References4
EUVD
EUVD
added 2025/11/27 6:31 a.m.6 views

EUVD-2025-199792

The WP Directory Kit plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'orderby' parameter in all versions up to, and including, 1.4.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary we...

6.1CVSS5.2AI score0.00219EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2025/11/22 8:35 a.m.17 views

CVE-2025-11885

The EchBay Admin Security plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'ebnonce' parameter in all versions up to, and including, 1.3.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitra...

6.1CVSS5.6AI score0.00175EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/11/20 9:36 p.m.4 views

CVE-2025-64764

Astro is a web framework. Prior to version 5.15.8, a reflected XSS vulnerability is present when the server islands feature is used in the targeted application, regardless of what was intended by the component templates. This issue has been patched in version 5.15.8...

7.1CVSS6.3AI score0.00456EPSS
Exploits1References1
Cvelist
Cvelist
added 2025/10/30 10:50 a.m.22 views

CVE-2025-53883 spacewalk-java has various XSS issues on search page

A Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability allows attackers to run arbitrary javascript via a reflected XSS issue in the search fields.This issue affects Container suse/manager/5.0/x8664/server:latest: from ? before 5.0.28-150600.3.36.8; SUSE Manag...

9.3CVSS0.00268EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/10/24 12:0 a.m.3 views

PT-2025-43599

Name of the Vulnerable Software and Affected Versions VNPAY Payment gateway plugin for WordPress versions up to and including 1.0.0 Description The VNPAY Payment gateway plugin for WordPress is susceptible to Reflected Cross-Site Scripting due to inadequate input sanitization and output escaping...

6.1CVSS5.6AI score0.00201EPSS
Exploits0References6
Cvelist
Cvelist
added 2025/10/09 4:13 p.m.26 views

CVE-2025-59994 Junos Space: Quick Template page is vulnerable to reflected cross-site script injection

An Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Juniper Networks Junos Space allows an attacker to inject script tags in the Quick Template page that, when visited by another user, enables the attacker to execute commands with the target's...

6.1CVSS0.00207EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2025-27739

Malicious code in bioql PyPI...

7.1CVSS6.5AI score0.00221EPSS
Exploits0References1
CVE
CVE
added 2025/09/08 10:26 p.m.20 views

CVE-2025-58452

CVE-2025-58452 affects WeGIA Web Manager for charitable institutions, with a Reflected Cross-Site Scripting (XSS) vulnerability in the listar_despachos.php endpoint, exploitable via the id_memorando parameter prior to version 3.4.11. The cited updates indicate that version 3.4.11 contains a patch...

6.1CVSS5.3AI score0.00213EPSS
Exploits1References1Affected Software1
SUSE CVE
SUSE CVE
added 2025/08/29 11:24 p.m.4 views

SUSE CVE-2025-40927

CGI::Simple versions before 1.282 for Perl has a HTTP response splitting flaw This vulnerability is a confirmed HTTP response splitting flaw in CGI::Simple that allows HTTP response header injection, which can be used for reflected XSS or open redirect under certain conditions. Although some...

7.3CVSS5.6AI score0.00431EPSS
Exploits0References3
NVD
NVD
added 2025/08/20 8:15 a.m.14 views

CVE-2025-54670

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in bobbingwide oik oik allows Reflected XSS.This issue affects oik: from n/a through = 4.15.2...

7.1CVSS0.00219EPSS
Exploits0References1
OSV
OSV
added 2025/07/24 10:15 a.m.4 views

CVE-2025-5084

The Post Grid Master plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘argsArray'readmoretext'’ parameter in all versions up to, and including, 3.4.13 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to...

6.1CVSS6AI score0.00513EPSS
Exploits1References4
OSV
OSV
added 2025/07/08 12:15 p.m.5 views

CVE-2025-40719

Reflected Cross-site Scripting XSS vulnerability in versions prior to 4.7.0 of Quiter Gateway by Quiter. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending a malicious URL trhough the idconcesion parameter in /FacturaE/VerFacturaPDF...

6.1CVSS6AI score0.00223EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 8:23 a.m.5 views

CVE-2024-1383

The WPvivid Backup for MainWP plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'id' parameter in all versions up to, and including, 0.9.32 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitra...

6.1CVSS7AI score0.0061EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 8:16 a.m.4 views

CVE-2024-9356

The Yotpo: Product & Photo Reviews for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'yotpouseremail' and 'yotpousername' parameters in all versions up to, and including, 1.7.9 due to insufficient input sanitization and output escaping. This makes it...

6.1CVSS7.4AI score0.00443EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 8:13 a.m.6 views

CVE-2024-9209

The WP Search Analytics plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg without appropriate escaping on the URL in all versions up to, and including, 1.4.10. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in...

6.1CVSS5.6AI score0.0037EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 5:52 a.m.4 views

CVE-2017-15885

Reflected XSS in the web administration portal on the Axis 2100 Network Camera 2.03 allows an attacker to execute arbitrary JavaScript via the confLayoutOwnTitle parameter to view/view.shtml. NOTE: this might overlap CVE-2007-5214...

6.1CVSS6.2AI score0.02352EPSS
Exploits2References1
OSV
OSV
added 2025/01/23 12:15 p.m.2 views

CVE-2024-13422

The SEO Blogger to WordPress Migration using 301 Redirection plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'url' parameter in all versions up to, and including, 0.4.8 due to insufficient input sanitization and output escaping. This makes it possible for...

6.1CVSS7.4AI score
Exploits0References2
Rows per page
Query Builder