CVE-2024-22307

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WP Lab WP-Lister Lite for eBay allows Reflected XSS.This issue affects WP-Lister Lite for eBay: from n/a through 3.5.7...

CVE-2023-6278

The Biteship: Plugin Ongkos Kirim Kurir Instant, Reguler, Kargo WordPress plugin before 2.2.25 does not sanitise and escape the biteshiperror and biteshipmessage parameters before outputting them back in the page, leading to a Reflected Cross-Site Scripting which could be used against high...

CVE-2023-0769

The hiWeb Migration Simple WordPress plugin through 2.0.0.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high-privilege users such as admins...

CVE-2023-6050

The Estatik Real Estate Plugin WordPress plugin before 4.1.1 does not sanitise and escape various parameters and generated URLs before outputting them back in attributes, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

CVE-2023-6882

The Simple Membership plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘environmentmode’ parameter in all versions up to, and including, 4.3.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

CVE-2023-6632

The Happy Addons for Elementor plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via DOM in all versions up to and including 3.9.1.1 versions up to 2.9.1.1 in Happy Addons for Elementor Pro due to insufficient input sanitization and output escaping. This makes it possible for...

CVE-2023-6555

The Email Subscription Popup WordPress plugin before 1.2.20 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

CVE-2023-6161

The WP Crowdfunding WordPress plugin before 2.1.9 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

CVE-2022-43675

An issue was discovered in NOKIA NFM-T R19.9. Reflected XSS in the Network Element Manager exists via /oms1350/pages/otn/cpbLogDisplay via the filename parameter, under /oms1350/pages/otn/connection/E2ERoutingDisplayWithOverLay via the id parameter, and under /oms1350/pages/otn/mainOtn via all...

CVE-2023-6122

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in İstanbul Soft Informatics and Consultancy Limited Company Softomi Gelişmiş C2C Pazaryeri Yazılımı allows Reflected XSS.This issue affects Softomi Gelişmiş C2C Pazaryeri Yazılımı: before 12122023...

CVE-2023-48455

Adobe Experience Manager versions 6.5.18 and earlier are affected by a reflected Cross-Site Scripting XSS vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the...

CVE-2023-48443

Adobe Experience Manager versions 6.5.18 and earlier are affected by a reflected Cross-Site Scripting XSS vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the...

PT-2023-30510 · Relyum · Rely-Rec +1

Name of the Vulnerable Software and Affected Versions: RELY-PCIe version 22.2.1 RELY-REC version 23.1.0 Description: An issue was discovered in the Relyum devices, where the web interfaces are susceptible to reflected XSS. Recommendations: For RELY-PCIe version 22.2.1, consider disabling access t...

CVE-2022-48614

Special:Ask in Semantic MediaWiki before 4.0.2 allows Reflected XSS...

CVE-2023-5210

The AMP+ Plus WordPress plugin through 3.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

CVE-2023-5141

The BSK Contact Form 7 Blacklist WordPress plugin through 1.0.1 does not sanitise and escape the insertedcount parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

The vulnerability of NagiosXI software, related to the lack of measures taken to protect the website structure, allows attackers to execute XSS-type attacks.

The vulnerability of NagiosXI software is related to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to carry out a type of attack known as reflected XSS...

CVE-2023-5211

The Fattura24 WordPress plugin before 6.2.8 does not sanitize or escape the 'id' parameter before outputting it back in the page, leading to a reflected Cross-Site Scripting vulnerability...

CVE-2023-4250

The EventPrime WordPress plugin before 3.2.0 does not sanitise and escape some parameters before outputting them back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

PT-2023-27038 · WordPress · Winters Theme

Name of the Vulnerable Software and Affected Versions: Winters theme for WordPress versions up to, and including, 1.4.3 Description: The issue is related to Reflected Cross-Site Scripting via prototype pollution due to insufficient input sanitization and output escaping. This allows unauthenticat...