950 matches found

Tenable Nessus
added 2025/09/10 12:0 a.m., 4 views

Linux Distros Unpatched Vulnerability : CVE-2025-21627

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GLPI is a free asset and IT management software package. In versions prior to 10.0.18, a malicious link can be crafted to perform a reflected XSS attack on the...

CVSS 6.5, AI score 4.8, EPSS 0.00333
Exploits: 0, References: 2

Tenable Nessus
added 2025/09/10 12:0 a.m., 4 views

Linux Distros Unpatched Vulnerability : CVE-2021-32478

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The redirect URI in the LTI authorization endpoint required extra sanitizing to prevent reflected XSS and open redirect risks. Moodle versions 3.10 to 3.10.3, 3...

CVSS 6.1, AI score 6.8, EPSS 0.01157
Exploits: 0, References: 2

Veracode
added 2025/09/09 9:58 a.m., 6 views

Reflected Cross-Site Scripting (Reflected XSS)

com.liferay, com.liferay.expando.web are vulnerable to reflected cross-site scripting (XSS). The vulnerability is due to improper input validation of the comliferayexpandowebportletExpandoPortletdisplayType parameter, which allows an attacker to inject and execute arbitrary JavaScript code in a...

CVSS 5.4, AI score 6.7, EPSS 0.00198
Exploits: 0, References: 5, Affected Software: 1

CVE
added 2025/09/08 11:25 a.m., 11 views

CVE-2025-40642

CVE-2025-40642 is a reflected Cross-Site Scripting (XSS) vulnerability in WebWork exploited via the q and engine parameters in /search. Affected software is WebWork; the vulnerability stems from improper handling of user-supplied input in the search query, enabling remote code execution in the co...

CVSS 5.1, AI score 6.2, EPSS 0.0048
Exploits: 0, References: 1

RedhatCVE
added 2025/09/07 2:32 p.m., 3 views

CVE-2025-58845

Cross-Site Request Forgery (CSRF) vulnerability in ChrisHurst Bulk Watermark bulk-watermark allows Reflected XSS. This issue affects Bulk Watermark: from n/a through <= 1.6.10...

CVSS 7.1, AI score 5.9, EPSS 0.00118
Exploits: 0, References: 1

RedhatCVE
added 2025/09/07 2:32 p.m., 2 views

CVE-2025-58848

Cross-Site Request Forgery (CSRF) vulnerability in aakash1911 WP likes wp-likes allows Reflected XSS. This issue affects WP likes: from n/a through <= 3.1.1...

CVSS 7.1, AI score 5.9, EPSS 0.00122
Exploits: 0, References: 1

NVD
added 2025/09/05 2:16 p.m., 7 views

CVE-2025-8695

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Netcad NetGIS Server allows Reflected XSS. This issue affects NetGIS Server: from 5.2.4 through 22.08.2025...

CVSS 5.4, EPSS 0.00204
Exploits: 0, References: 2

NVD
added 2025/09/05 2:15 p.m., 4 views

CVE-2025-58854

Cross-Site Request Forgery (CSRF) vulnerability in Samer Bechara Ultimate AJAX Login ultimate-ajax-login allows Reflected XSS. This issue affects Ultimate AJAX Login: from n/a through <= 1.2.1...

CVSS 7.1, EPSS 0.00118
Exploits: 0, References: 1

CVE
added 2025/09/05 1:45 p.m., 16 views

CVE-2025-58855

CVE-2025-58855 affects AP HoneyPot WordPress Plugin (Versions up to 1.4). Public records describe an improper neutralization of formula elements in a CSV file leading to reflected XSS, and related sources also flag a CSRF vulnerability in the plugin’s CSRF handling. The combination implies an imp...

CVSS 7.1, AI score 5.9, EPSS 0.00219
Exploits: 0, References: 1

CVE
added 2025/09/05 1:45 p.m., 15 views

CVE-2025-58854

CVE-2025-58854 affects WordPress plugin Ultimate AJAX Login (versions n/a–1.2.1). The vulnerability is CSRF that enables a Reflected XSS, with CVSS 3.1 base score 7.1 (HIGH; UI: Required, AV:N, AC:L, PR:N; scope CHANGED; C/L/A/L factors). Exploitation context indicates that user interaction is re...

CVSS 7.1, AI score 5.9, EPSS 0.00118
Exploits: 0, References: 1

Vulnrichment
added 2025/09/05 1:45 p.m., 4 views

CVE-2025-58854 WordPress Ultimate AJAX Login Plugin <= 1.2.1 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Samer Bechara Ultimate AJAX Login ultimate-ajax-login allows Reflected XSS. This issue affects Ultimate AJAX Login: from n/a through <= 1.2.1...

CVSS 7.1, AI score 5.9, EPSS 0.00118
Exploits: 0, References: 1

Cvelist
added 2025/09/05 1:45 p.m., 10 views

CVE-2025-58848 WordPress WP likes Plugin <= 3.1.1 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in aakash1911 WP likes wp-likes allows Reflected XSS. This issue affects WP likes: from n/a through <= 3.1.1...

CVSS 7.1, EPSS 0.00122
Exploits: 0, References: 1

CVE
added 2025/09/05 1:45 p.m., 10 views

CVE-2025-58848

CVE-2025-58848 concerns WordPress plugin WP Likes (versions up to 3.1.1). The vulnerability is a CSRF issue that also enables reflected XSS when exploited, as described in multiple sources. Affected software: WP Likes

CVSS 7.1, AI score 5.9, EPSS 0.00122
Exploits: 0, References: 1

CVE
added 2025/09/05 1:45 p.m., 9 views

CVE-2025-58845

CVE-2025-58845 affects WordPress Bulk Watermark plugin (versions up to 1.6.10). Description: CSRF vulnerability that allows reflected XSS. CVSS v3.1 base score 7.1 (HIGH); vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L. Connected sources do not specify a fixed patch version; no remediation details p...

CVSS 7.1, AI score 5.9, EPSS 0.00118
Exploits: 0, References: 1

Vulnrichment
added 2025/09/05 1:45 p.m., 1 views

CVE-2025-58846 WordPress WordPress Buffer – HYPESocial. Social Media Auto Post, Social Media Auto Publish and Schedule Plugin <= 2020.1.0 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Dejan Markovic WordPress Buffer – HYPESocial. Social Media Auto Post, Social Media Auto Publish and Schedule buffer-my-post allows Reflected XSS. This issue affects WordPress Buffer – HYPESocial. Social Media Auto Post, Social Media Auto Publish and...

CVSS 7.1, AI score 5.9, EPSS 0.00118
Exploits: 0, References: 1

Vulnrichment
added 2025/09/05 1:45 p.m., 2 views

CVE-2025-58845 WordPress Bulk Watermark Plugin <= 1.6.10 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in ChrisHurst Bulk Watermark bulk-watermark allows Reflected XSS. This issue affects Bulk Watermark: from n/a through <= 1.6.10...

CVSS 7.1, AI score 5.9, EPSS 0.00118
Exploits: 0, References: 1

CVE
added 2025/09/05 1:45 p.m., 13 views

CVE-2025-58809

CVE-2025-58809 affects the WordPress plugin “To Lead For Salesforce.” The vulnerability is a Cross-Site Request Forgery (CSRF) vulnerability that can also enable a reflected XSS. Affected versions are listed as n/a through 2.7.3.9. Remediation per sources is to update to a version later than 2.7....

CVSS 7.1, AI score 5.9, EPSS 0.00118
Exploits: 0, References: 1

Vulnrichment
added 2025/09/05 1:45 p.m., 4 views

CVE-2025-58809 WordPress To Lead For Salesforce Plugin <= 2.7.3.9 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Nick Ciske To Lead For Salesforce salesforce-wordpress-to-lead allows Reflected XSS. This issue affects To Lead For Salesforce: from n/a through <= 2.7.3.9...

CVSS 7.1, AI score 5.9, EPSS 0.00118
Exploits: 0, References: 1

Positive Technologies
added 2025/09/05 12:0 a.m., 3 views

PT-2025-36193

Name of the Vulnerable Software and Affected Versions: Ultimate AJAX Login versions n/a through 1.2.1. Description: The software contains a Cross-Site Request Forgery (CSRF) vulnerability that also allows Reflected Cross-Site Scripting (XSS). Recommendations: Update Ultimate AJAX Login to a version...

CVSS 7.1, AI score 5.9, EPSS 0.00118
Exploits: 0, References: 3

Positive Technologies
added 2025/09/05 12:0 a.m., 2 views

PT-2025-36185

Name of the Vulnerable Software and Affected Versions: Dejan Markovic WordPress Buffer – HYPESocial. Social Media Auto Post, Social Media Auto Publish and Schedule versions n/a through 2020.1.0. Description: A Cross-Site Request Forgery (CSRF) vulnerability exists in Dejan Markovic WordPress Buffer ...

CVSS 7.1, AI score 5.9, EPSS 0.00118
Exploits: 0, References: 3