WordPress Enfold theme <= 7.1.4 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme Enfold versions = 7.1.4...

CVE-2026-30567

A Reflected Cross-Site Scripting XSS vulnerability exists in SourceCodester Sales and Inventory System 1.0 in the viewproduct.php file via the "limit" parameter. The application fails to sanitize the input, allowing remote attackers to inject arbitrary web script or HTML via a crafted URL...

CVE-2026-23979

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Softwebmedia Gyan Elements gyan-elements allows Reflected XSS.This issue affects Gyan Elements: from n/a through = 2.2.1...

CVE-2025-41027

GDTaller is affected by CVE-2025-41027 for a Reflected XSS vulnerability. The issue allows an attacker to execute JavaScript in the victim’s browser by delivering a malicious URL via the site parameter of the app_recuperarclave.php endpoint. The linked sources report this as a reflected XSS vulne...

CVE-2025-50001 WordPress tagDiv Composer plugin <= 5.4.2 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in tagDiv tagDiv Composer td-composer allows Reflected XSS.This issue affects tagDiv Composer: from n/a through = 5.4.2...

CVE-2026-28109

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in LambertGroup LambertGroup - AllInOne - Content Slider all-in-one-contentSlider allows Reflected XSS.This issue affects LambertGroup - AllInOne - Content Slider: from n/a through = 3.8...

CVE-2026-1434

Omega-PSIR is vulnerable to Reflected XSS via the lang parameter. An attacker can craft a malicious URL that, when opened, causes arbitrary JavaScript to execute in the victim’s browser. This issue was fixed in 4.6.7...

CVE-2019-25408

Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by submitting crafted input to the netmaskaddr parameter. Attackers can send POST requests to the netwizard2 endpoint with script payloads in the netmaskaddr...

CVE-2025-67964 WordPress Homey Core plugin <= 2.4.3 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in favethemes Homey Core homey-core allows Reflected XSS.This issue affects Homey Core: from n/a through = 2.4.3...

CVE-2025-58089

Multiple reflected cross-site scripting xss vulnerabilities exist in the config.php functionality of MedDream PACS Premium 7.3.6.870. Specially crafted malicious URLs can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigger these vulnerabilities.This...

CVE-2025-67930

CVE-2025-67930 : Reflected Cross-Site Scripting in the WordPress plugin eHive Search (formerly ehive-search) for versions

CVE-2025-67922 WordPress Grand Restaurant theme < 7.0.9 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ThemeGoods Grand Restaurant grandrestaurant allows Reflected XSS.This issue affects Grand Restaurant: from n/a through 7.0.9...

CVE-2025-13512

CVE-2025-13512 : CoSign Single Signon (WordPress plugin)

MaNGOSWebV4 4.0.6 - Reflected XSS

Exploit Title: MaNGOSWebV4 4.0.6 - Reflected XSS Date: 2024-10-26 Exploit Author: CodeSecLab Vendor Homepage: https://github.com/paintballrefjosh/MaNGOSWebV4 Software Link: https://github.com/paintballrefjosh/MaNGOSWebV4 Version: 4.0.6 Tested on: Ubuntu Windows CVE : CVE-2017-6478 PoC: // Access...

CVE-2025-61623

CVE-2025-61623 is a reflected cross-site scripting vulnerability in Apache OFBiz affecting versions before 24.09.03. All connected sources consistently indicate the issue arises from user-provided input reflected in responses, enabling XSS unless patched. The recommended remediation is to upgrade...

CVE-2025-52755

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Chris Taylor Child Themes child-themes allows Reflected XSS.This issue affects Child Themes: from n/a through = 1.0.1...

EUVD-2025-35660

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in ArkSigner Software and Hardware Inc. AcBakImzala allows Reflected XSS.This issue affects AcBakImzala: before v5.1.4...

CVE-2025-57873

A reflected cross-site scripting vulnerability affects Esri Portal for ArcGIS 11.4 and earlier. An authenticated administrator can supply a crafted string to trigger arbitrary JavaScript execution in the user’s browser. Root cause appears to be reflected XSS via input echoed in the page. Impact p...

Reflected Cross-Site Scripting (Reflected XSS)

com.liferay, com.liferay.expando.web are vulnerable to reflected cross-site scripting XSS. The vulnerability is due to improper input validation of the comliferayexpandowebportletExpandoPortletdisplayType parameter, which allows an attacker to inject and execute arbitrary JavaScript code in a...

CVE-2025-53579

CVE-2025-53579 affects the WordPress Captcha.eu plugin (versions prior to 1.0.61). It is a Reflected XSS vulnerability due to improper input neutralization during web page generation. Public references indicate a patch exists: upgrade to 1.0.61 (or later) to fix the issue. Exploitation status is ...