CVE-2025-50001

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in tagDiv tagDiv Composer td-composer allows Reflected XSS.This issue affects tagDiv Composer: from n/a through = 5.4.2...

CVE-2025-67618

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ArtstudioWorks Brookside allows Reflected XSS.This issue affects Brookside: from n/a through 1.4...

CVE-2026-25442

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in QantumThemes Kentha kentha allows Reflected XSS.This issue affects Kentha: from n/a through = 4.7.2...

CVE-2026-29100

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management CRM software application. SuiteCRM 7.15.0 contains a reflected HTML injection vulnerability in the login page that allows attackers to inject arbitrary HTML content, enabling phishing attacks and page defacement. Versio...

CVE-2026-27068

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Ryan Howard Website LLMs.txt website-llms-txt allows Reflected XSS.This issue affects Website LLMs.txt: from n/a through = 8.2.6...

CVE-2026-33135

WeGIA is a web manager for charitable institutions. Versions 3.6.6 and below have a Reflected Cross-Site Scripting XSS vulnerability in the novomemorandoo.php endpoint. An attacker can inject arbitrary JavaScript into the sccs GET parameter, which is directly echoed into the HTML response without...

CVE-2026-33136

WeGIA is a web manager for charitable institutions. Versions 3.6.6 and below have a Reflected Cross-Site Scripting XSS vulnerability in the listarmemorandosativos.php endpoint. An attacker can inject arbitrary JavaScript or HTML tags into the sccd GET parameter, which is then directly echoed into...

CVE-2026-28073

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Tips and Tricks HQ WP eMember allows Reflected XSS.This issue affects WP eMember: from n/a through v10.2.2...

CVE-2024-46879

A Reflected Cross-Site Scripting XSS vulnerability exists in the POST request data zipPath of tiki-adminsystem.php in Tiki version 21.2. This vulnerability allows attackers to execute arbitrary JavaScript code via a crafted payload, leading to potential access to sensitive information or...

CVE-2025-41027

GDTaller is affected by CVE-2025-41027 for a Reflected XSS vulnerability. The issue allows an attacker to execute JavaScript in the victim’s browser by delivering a malicious URL via the site parameter of the app_recuperarclave.php endpoint. The linked sources report this as a reflected XSS vulne...

CVE-2025-41027 Multiple vulnerabilities in GDTaller

Reflected Cross Site Scripting XSS vulnerabilities in GDTaller. These vulnerabilities allows an attacker execute JavaScript code in the victim's browser by sending a malicious URL in 'site' parameter in 'apprecuperarclave.php'...

CVE-2025-41026

CVE-2025-41026: Reflected XSS in GDTaller. Vulnerability arises from handling the site parameter in app_login.php, allowing an attacker to cause JavaScript execution in the victim’s browser via a malicious URL. Documents indicate this is a reflected XSS with CVSS v4.0 base score 5.1 (Medium); no ...

EUVD-2026-16084

The FloristPress for Woo – Customize your eCommerce store for your Florist plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'noresults' parameter in all versions up to, and including, 7.8.2 due to insufficient input sanitization and output escaping on the user supplied...

CVE-2026-1986

The FloristPress for Woo – Customize your eCommerce store for your Florist plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'noresults' parameter in all versions up to, and including, 7.8.2 due to insufficient input sanitization and output escaping on the user supplied...

CVE-2026-1986 FloristPress for Woo <= 7.8.2 - Reflected Cross-Site Scripting via 'noresults' Parameter

The FloristPress for Woo – Customize your eCommerce store for your Florist plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'noresults' parameter in all versions up to, and including, 7.8.2 due to insufficient input sanitization and output escaping on the user supplied...

CVE-2026-1986

The CVE concerns FloristPress for Woo – Florist plugin for WordPress. A Reflected Cross-Site Scripting vulnerability exists in all versions up to 7.8.2, caused by insufficient input sanitization and output escaping of the user-supplied noresults parameter. This can allow unauthenticated attackers...

PT-2026-28530

Name of the Vulnerable Software and Affected Versions OpenBao versions prior to 2.5.2 Description OpenBao, an open source identity-based secrets management system, is susceptible to Reflected Cross-Site Scripting XSS through the error description parameter during failed authentication attempts wh...

CVE-2026-29933

A reflected cross-site scripting XSS vulnerability in the /index/login.html component of YZMCMS v7.4 allows attackers to execute arbitrary Javascript in the context of the user's browser via modifying the referrer value in the request header...

CVE-2026-29933

CVE-2026-29933 describes a reflected XSS in YZMCMS v7.4, specifically in the "/index/login.html" component. The issue arises when an attacker can modify the referrer header, causing arbitrary Javascript to run in the victim’s browser. Affected product/version: YZMCMS 7.4. Root cause: reflected XS...

CVE-2026-33933 Reflected XSS via Unescaped contextName Parameter in Custom Template Editor

OpenEMR is a free and open source electronic health records and medical practice management application. Starting in version 7.0.2.1 and prior to version 8.0.0.3, a reflected cross-site scripting XSS vulnerability in the custom template editor allows an attacker to execute arbitrary JavaScript in...