Lucene search
K

959 matches found

CVE
CVE
added 14 hours ago9 views

CVE-2026-57422

CVE-2026-57422 concerns a Reflected Cross-Site Scripting (XSS) vulnerability in the WordPress plugin Bopo – WooCommerce Product Bundle Builder (bopo-woo-product-bundle-builder). The issue arises from improper input neutralization during web page generation, allowing an attacker to inject script v...

7.1CVSS6.1AI score
Exploits0References1
Cvelist
Cvelist
added 14 hours ago5 views

CVE-2026-57728 WordPress Flatsome theme <= 3.20.5 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in UX-themes Flatsome flatsome allows Reflected XSS.This issue affects Flatsome: from n/a through = 3.20.5...

7.1CVSS
Exploits0References1
Nuclei
Nuclei
added 18 hours ago58 views

Post Sync Plugin <= 1.1 - Cross-Site Scripting

Post Sync WordPress plugin = 1.1 contains a reflected cross-site scripting caused by lack of sanitization and escaping of a parameter before outputting it in the page, letting attackers execute malicious scripts in the context of high privilege users, exploit requires attacker to craft a maliciou...

6.1CVSS7AI score0.0061EPSS
Exploits1References2
Nuclei
Nuclei
added 18 hours ago121 views

Pulse Secure Pulse Connect Secure - Cross-Site Scripting (Reflected)

Pulse Secure Pulse Connect Secure PCS 8.3.x before 8.3R7.1 and 9.0.x before 9.0R3 contain a reflected cross-site scripting caused by insufficient sanitization on the Application Launcher page, letting attackers execute scripts in the context of the affected page, exploit requires victim to visit ...

6.1CVSS6.6AI score0.04055EPSS
Exploits1References2
EUVD
EUVD
added 2 days ago5 views

EUVD-2026-43048

Improper Neutralization of Input During Web Page Generation "Cross-site Scripting" vulnerability in Drupal Anti-Spam by CleanTalk allows Reflected XSS. This issue affects Anti-Spam by CleanTalk versions: from 0.0.0 to 9.7.1...

6.1AI score0.00161EPSS
Exploits0References2
CVE
CVE
added 3 days ago6 views

CVE-2026-9838

The CVE-2026-9838 entry concerns the ICS Calendar plugin for WordPress. It describes a Reflected Cross-Site Scripting (XSS) vulnerability via the htmltagtitle parameter in all versions up to and including 12.0.9. The root cause is insufficient input sanitization and output escaping, with exploita...

6.1CVSS6.2AI score0.00296EPSS
Exploits0References10
EUVD
EUVD
added 6 days ago8 views

EUVD-2026-42018

Improper neutralization of input during web page generation 'cross-site scripting' vulnerability in Armiya Information Technologies Ltd. Co. Access Control System GKS allows Reflected XSS. This issue affects Access Control System GKS: before Version 2...

5.4CVSS5.9AI score0.00133EPSS
Exploits0References1
NVD
NVD
added 2026/07/01 10:16 a.m.9 views

CVE-2026-12754

The VikBooking Hotel Booking Engine & PMS plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'layoutstyle' parameter in all versions up to, and including, 1.8.12 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated...

6.1CVSS0.00293EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/06/29 1:36 p.m.35 views

CVE-2026-57338 WordPress ARForms plugin <= 7.1.2 - Reflected Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting XSS in ARForms = 7.1.2 versions...

7.1CVSS0.00146EPSS
Exploits0References1
NVD
NVD
added 2026/06/23 2:17 p.m.9 views

CVE-2026-11772

DRIMO CMS is vulnerable to Reflected XSS via q parameter in searching functionality. An attacker can prepare an URL that, when opened, results in arbitrary JavaScript execution in the victim's browser. Product is in End Of Life phase and will not receive any updates. However, deleting info.php fi...

5.1CVSS0.00378EPSS
Exploits0References2
CVE
CVE
added 2026/06/23 12:15 p.m.13 views

CVE-2026-10857

CVE-2026-10857 – Reflected XSS in AKINSoft e-Commerce Affected product: AKIN Software Computer Import Export Industry and Trade Ltd. E-Commerce.Vulnerability: Reflected Cross-Site Scripting due to improper neutralization of input during web page generation.Root cause: insufficient sanitization of...

6.1CVSS5.8AI score0.00149EPSS
Exploits0References1
NVD
NVD
added 2026/06/22 6:16 a.m.12 views

CVE-2026-4259

The ultimate-woocommerce-auction-pro WordPress plugin through 2.4.5 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

7.1CVSS0.00146EPSS
Exploits0References1
NVD
NVD
added 2026/06/22 6:16 a.m.12 views

CVE-2026-4110

The ultimate-woocommerce-auction-pro WordPress plugin through 2.4.5 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

6.1CVSS0.00152EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/18 12:56 p.m.22 views

CVE-2026-54221 Reflected XSS in UBB.threads

UBB.threads is vulnerable to Reflected XSS. The application improperly handles user input in certain requests, enabling attackers to execute arbitrary JavaScript in the context of a victim's browser by tricking them into clicking a crafted link. Because vendor contact attempts were unsuccessful,...

5.1CVSS0.00293EPSS
Exploits0References2
CVE
CVE
added 2026/06/17 9:50 a.m.14 views

CVE-2026-39597

This CVE covers an unauthenticated, reflected Cross Site Scripting (XSS) in the WordPress WPZOOM Addons for Elementor plugin (versions

7.1CVSS5.1AI score0.00175EPSS
Exploits0References1
CVE
CVE
added 2026/06/17 6:0 a.m.18 views

CVE-2026-9570

Summary: CVE-2026-9570 affects the Taskbuilder WordPress plugin prior to 5.0.8. The vulnerability arises because a URL parameter is not properly sanitized before being echoed into inline JavaScript on a frontend page that uses a shortcode, causing a Reflected Cross-Site Scripting (XSS) vulnerabil...

7.1CVSS5.2AI score0.00146EPSS
Exploits0References1
NVD
NVD
added 2026/06/15 6:16 p.m.17 views

CVE-2026-49294

Valhalla is an open source routing engine and accompanying libraries for use with OpenStreetMap data. Versions 3.6.3 and prior are vulnerable to reflected cross-site scripting XSS due to improper neutralization of input in the JSONP callback parameter. When a request specifies a JSONP callback, t...

6.1CVSS0.00149EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/12 12:51 p.m.9 views

CVE-2026-45669 Nuxt: Reflected XSS in `navigateTo()` external redirect

Nuxt is an open-source web development framework for Vue.js. From versions 3.4.3 to before 3.21.6 and 4.0.0-alpha.1 to before 4.4.6, navigateTo with external: true generates a server-side HTML redirect body containing a tag. The destination URL is only sanitized by replacing " with %22, leaving ,...

5.3CVSS5.4AI score0.00164EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.23 views

PT-2026-48881

Name of the Vulnerable Software and Affected Versions Nuxt versions prior to 3.21.7 Nuxt versions prior to 4.4.7 Description The component fails to validate the URL scheme of values bound to its to or href props before rendering them into the href attribute of the underlying element. If an...

5.4CVSS5AI score0.00198EPSS
Exploits0References8
NVD
NVD
added 2026/06/11 7:16 a.m.13 views

CVE-2026-40986

Spring Web Flow's JavaScript RemotingHandler renders the body of an error response as HTML even when the response is not "text/html", which can result in a scripting attack in the user's browser if the error response from the server contains error details with input reflected from an attacker...

4.8CVSS0.00201EPSS
Exploits0References1
Rows per page
Query Builder