CVE-2025-67170

A reflected cross-site scripting XSS vulnerability in RiteCMS v3.1.0 allows attackers to execute arbitrary code in the context of a user's browser via a crafted payload...

CVE-2023-53882

JLex GuestBook 1.6.4 contains a reflected cross-site scripting vulnerability in the 'q' URL parameter that allows attackers to inject malicious scripts. Attackers can craft malicious links with XSS payloads to steal session tokens or execute arbitrary JavaScript in victims' browsers...

CVE-2025-68165

In JetBrains TeamCity before 2025.11 reflected XSS was possible on VCS Root setup...

CVE-2025-13355

The URL Shortify WordPress plugin before 1.11.4 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

xss-demo

This repo presents the various types of Cross Site Scripting XS...

CVE-2025-9116

The WPS Visitor Counter WordPress plugin through 1.4.8 does not escape the $SERVER'REQUESTURI' parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers...

EUVD-2025-203238

The WPS Visitor Counter Plugin WordPress plugin through 1.4.8 does not escape the $SERVER'REQUESTURI' parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers...

CVE-2025-9116

The CVE-2025-9116 entry concerns the WordPress plugin WPS Visitor Counter Plugin (versions up to 1.4.8). The connected sources confirm a Reflected Cross-Site Scripting flaw where the plugin does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it in an HTML attribute, enabling X...

vuln_XSS_web

Vulnerable Websites for XSS Testing Đây là 4 website mẫu, mỗi...

CVE-2025-65120

Reflected cross-site scripting vulnerability exists in GroupSession Free edition prior to ver5.7.1, GroupSession byCloud prior to ver5.7.1, and GroupSession ZION prior to ver5.7.1. If a user accesses a crafted page or URL, an arbitrary script may be executed on the web browser of the user...

CVE-2025-65120

Reflected cross-site scripting vulnerability exists in GroupSession Free edition prior to ver5.7.1, GroupSession byCloud prior to ver5.7.1, and GroupSession ZION prior to ver5.7.1. If a user accesses a crafted page or URL, an arbitrary script may be executed on the web browser of the user...

CVE-2025-14137

The Simple AL Slider plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the $SERVER'PHPSELF' variable in all versions up to, and including, 1.2.10 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

CVE-2025-14137

CVE-2025-14137 – WordPress plugin Simple AL Slider: Reflected Cross‑Site Scripting via the PHP_SELF variable, affected versions up to and including 1.2.10. The issue enables unauthenticated attackers to inject scripts on pages that execute user actions. Public details indicate CVSSv3.1 base score...

CVE-2025-34409

MailEnable versions prior to 10.54 contain a reflected cross-site scripting XSS vulnerability in the Failed parameter of /Mondo/lang/sys/Forms/MAI/AddRecipientsResult.aspx. The Failed value is not properly sanitized when processed via a GET request and is reflected in the response, allowing an...

CVE-2025-13071

The Custom Admin Menu WordPress plugin through 1.0.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

CVE-2025-13072

The HandL UTM Grabber / Tracker WordPress plugin (versions prior to 2.8.1) is affected by CVE-2025-13072 due to improper sanitization/escaping of a parameter before it is reflected back on the page, enabling a Reflected XSS that could target high-privilege users such as admins. The issue is confi...

PT-2025-50306

Name of the Vulnerable Software and Affected Versions HandL UTM Grabber / Tracker WordPress plugin versions prior to 2.8.1 Description The HandL UTM Grabber / Tracker WordPress plugin does not properly sanitize and escape a parameter before displaying it, resulting in a Reflected Cross-Site...

EUVD-2025-202050

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in TalentSoft Software UNIS allows Reflected XSS.This issue affects UNIS: before 42957...

CVE-2025-34398 MailEnable < 10.54 Reflected XSS in AddressesBcc Parameter of AddressBook.aspx

MailEnable versions prior to 10.54 contain a reflected cross-site scripting XSS vulnerability in the AddressesBcc parameter of /Mondo/lang/sys/Forms/AddressBook.aspx. The AddressesBcc value is not properly sanitized when processed via a GET request and is reflected within a block in the JavaScrip...

CVE-2025-34400 MailEnable < 10.54 Reflected XSS in AddressesTo Parameter of AddressBook.aspx

MailEnable versions prior to 10.54 contain a reflected cross-site scripting XSS vulnerability in the AddressesTo parameter of /Mondo/lang/sys/Forms/AddressBook.aspx. The AddressesTo value is not properly sanitized when processed via a GET request and is reflected within a block in the response. B...