170 matches found

EUVD
added 2025/11/03 6:31 p.m. | 4 views

EUVD-2025-37504

A cross-site scripting XSS vulnerability exists in the administrative interface of ultimatefosters UltimatePOS 4.8 where input submitted in the purchase functionality is reflected without proper escaping in the admin log panel page in the 'reference No.' field. This flaw allows an authenticated...

CVSS 8.7 | AI score 5.5 | EPSS 0.00334
Exploits 3 | References 3

Cvelist
added 2025/10/30 10:50 a.m. | 7 views

CVE-2025-53883 spacewalk-java has various XSS issues on search page

An Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability allows attackers to run arbitrary javascript via a reflected XSS issue in the search fields. This issue affects Container suse/manager/5.0/x86_64/server:latest: from ? before 5.0.28-150600.3.36.8; SUSE Manag...

CVSS 9.3 | EPSS 0.00245
Exploits 0 | References 1

Positive Technologies
added 2025/10/24 12:00 a.m. | 3 views

PT-2025-43599

Name of the Vulnerable Software and Affected Versions VNPAY Payment gateway plugin for WordPress versions up to and including 1.0.0 Description The VNPAY Payment gateway plugin for WordPress is susceptible to Reflected Cross-Site Scripting due to inadequate input sanitization and output escaping...

CVSS 6.1 | AI score 5.6 | EPSS 0.00201
Exploits 0 | References 6

EUVD
added 2025/10/22 3:31 p.m. | 3 views

EUVD-2025-35443

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in pco58 WC Return products wc-return-product allows Reflected XSS. This issue affects WC Return products: from n/a through <= 1.5...

AI score 5.9 | EPSS 0.00228
Exploits 0 | References 2

CNNVD
added 2025/10/22 12:00 a.m. | 4 views

WordPress plugin Simple Stripe Checkout cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plug-in. A cross-site scriptin...

CVSS 7.1 | AI score 6 | EPSS 0.00228
Exploits 0 | References 1

CNNVD
added 2025/10/20 12:00 a.m. | 3 views

E-commerce security vulnerability

E-commerce is a dynamic e-commerce website by the individual developer Bhabishya Ghimire. A security vulnerability exists in E-commerce version 1.0, which stems from the /index parameter not clearing the input to be reflected directly back to the HTML response, which could lead to a cross-site...

CVSS 6.1 | AI score 5.9 | EPSS 0.00241
Exploits 1 | References 2

CVE
added 2025/10/13 3:59 a.m. | 8 views

CVE-2025-31994

HCL Unica Campaign 12.1.10 is vulnerable to Reflected Cross-Site Scripting (XSS). An attacker can inject malicious script into an HTTP request, which is reflected in the server’s immediate response and executed in the victim’s browser. The vulnerability is documented across multiple sources (incl...

CVSS 4.3 | AI score 5.7 | EPSS 0.00166
Exploits 0 | References 1

RedhatCVE
added 2025/10/11 1:23 a.m. | 4 views

CVE-2025-11450

ServiceNow has addressed a reflected cross-site scripting vulnerability that was identified in the ServiceNow AI Platform. This vulnerability could result in arbitrary code being executed within the browsers of ServiceNow users who click on a specially crafted link. ServiceNow has addressed this...

CVSS 5.3 | AI score 6.7 | EPSS 0.00323
Exploits 0 | References 1

Cvelist
added 2025/10/09 4:13 p.m. | 16 views

CVE-2025-59994 Junos Space: Quick Template page is vulnerable to reflected cross-site script injection

An Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Juniper Networks Junos Space allows an attacker to inject script tags in the Quick Template page that, when visited by another user, enables the attacker to execute commands with the target's...

CVSS 6.1 | EPSS 0.00202
Exploits 0 | References 1

EUVD
added 2025/10/03 8:07 p.m. | 2 views

EUVD-2025-28507

Malicious code in bioql PyPI...

CVSS 7.1 | AI score 6.5 | EPSS 0.00109
Exploits 0 | References 1

EUVD
added 2025/10/03 8:07 p.m. | 2 views

EUVD-2025-26924

Malicious code in bioql PyPI...

CVSS 7.1 | AI score 6.5 | EPSS 0.00118
Exploits 0 | References 1

EUVD
added 2025/10/03 8:07 p.m. | 3 views

EUVD-2025-27739

Malicious code in bioql PyPI...

CVSS 7.1 | AI score 6.5 | EPSS 0.00221
Exploits 0 | References 1

EUVD
added 2025/10/03 8:07 p.m. | 2 views

EUVD-2025-24636

Malicious code in bioql PyPI...

CVSS 6.1 | AI score 6.6 | EPSS 0.00217
Exploits 0 | References 2

OSV
added 2025/10/02 3:15 p.m. | 2 views

CVE-2025-59774

Cross-site scripting XSS vulnerability reflected in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL. The relationship between parameter and assigned identifier is 'l, demo, demo2, TNTLOGIN, UO and...

CVSS 6.1 | AI score 5.9
Exploits 0 | References 1

Tenable Nessus
added 2025/09/10 12:00 a.m. | 2 views

Linux Distros Unpatched Vulnerability : CVE-2024-34051

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A Reflected Cross-site scripting XSS vulnerability located in htdocs/compta/paiement/card.php of Dolibarr before 19.0.2 allows remote attackers to inject...

CVSS 4.6 | AI score 5.3 | EPSS 0.11978
Exploits 0 | References 2

CVE
added 2025/09/08 10:26 p.m. | 15 views

CVE-2025-58452

CVE-2025-58452 affects WeGIA Web Manager for charitable institutions, with a Reflected Cross-Site Scripting (XSS) vulnerability in the listar_despachos.php endpoint, exploitable via the id_memorando parameter prior to version 3.4.11. The cited updates indicate that version 3.4.11 contains a patch...

CVSS 6.1 | AI score 5.3 | EPSS 0.00213
Exploits 1 | References 1 | Affected Software 1

NVD
added 2025/09/05 2:15 p.m. | 2 views

CVE-2025-58853

Cross-Site Request Forgery CSRF vulnerability in OTWthemes Popping Sidebars and Widgets Light popping-sidebars-and-widgets-light allows Reflected XSS. This issue affects Popping Sidebars and Widgets Light: from n/a through <= 1.27...

CVSS 7.1 | EPSS 0.00118
Exploits 0 | References 1

NVD
added 2025/09/05 2:15 p.m. | 2 views

CVE-2025-58846

Cross-Site Request Forgery CSRF vulnerability in Dejan Markovic WordPress Buffer – HYPESocial. Social Media Auto Post, Social Media Auto Publish and Schedule buffer-my-post allows Reflected XSS. This issue affects WordPress Buffer – HYPESocial. Social Media Auto Post, Social Media Auto Publish and...

CVSS 7.1 | EPSS 0.00118
Exploits 0 | References 1

Tenable Nessus
added 2025/08/30 12:00 a.m. | 3 views

Linux Distros Unpatched Vulnerability : CVE-2022-24917

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An authenticated user can create a link with reflected Javascript code inside it for services' page and send it to other users. The payload can be executed only...

CVSS 4.4 | AI score 6 | EPSS 0.00779
Exploits 0 | References 2

SUSE CVE
added 2025/08/29 11:24 p.m. | 2 views

SUSE CVE-2025-40927

CGI::Simple versions before 1.282 for Perl has a HTTP response splitting flaw. This vulnerability is a confirmed HTTP response splitting flaw in CGI::Simple that allows HTTP response header injection, which can be used for reflected XSS or open redirect under certain conditions. Although some...

CVSS 7.3 | AI score 5.6 | EPSS 0.00431
Exploits 0 | References 3