32428 matches found
CVE-2026-7371
Multiple reflected cross-site scripting (XSS) vulnerabilities exist in the Web Interface / ssi.cgi functionality of GeoVision LPC2011/LPC2211 1.10. A specially crafted malicious URL can lead to arbitrary JavaScript code execution. An attacker can provide a crafted URL to trigger this...
CVE-2026-42366
GeoVision LPC2011/LPC2211 Web Interface (ssi.cgi) contains reflected XSS vulnerabilities in version 1.10. A crafted URL can trigger arbitrary JavaScript execution in the context of the user’s browser. The CVSSv3.1 vector is AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N with a base score of 7.4 (HIGH). Expl...
PT-2026-36740
Multiple reflected cross-site scripting (XSS) vulnerabilities exist in the Web Interface / ssi.cgi functionality of GeoVision LPC2011/LPC2211 1.10. A specially crafted malicious URL can lead to arbitrary JavaScript code execution. An attacker can provide a crafted URL to trigger this...
PT-2026-36789
Name of the Vulnerable Software and Affected Versions: Tegsoft Management and Information Services Trade Limited Company Online Support Application versions V3 through 31122025. Description: Improper neutralization of input during web page generation allows Reflected Cross-Site Scripting (XSS), a flaw...
Astra Linux – Vulnerability in Zabbix
An authenticated user can create a link containing reflected JavaScript code for a service page and send it to other users. The payload can only be executed with a known CSRF token value of the victim, which is changed periodically and is difficult to predict. Malicious code has access to all the...
Astra Linux – Vulnerability in Firefox and Thunderbird
When handling the filename directive in the Content-Disposition header, the filename would be truncated if the filename contained a NULL character. This could lead to reflected file download attacks that potentially trick users into installing malware. This vulnerability affects Firefox 112, Focu...
Astra Linux – Vulnerability in Zabbix
An authenticated user can create a link containing XSS payloads for action pages and send it to other users. Malicious code has access to all the same objects as the rest of the web page, and can make arbitrary modifications to the contents of the page displayed to the victim. This attack can be...
Astra Linux – Vulnerability in Firefox, Thunderbird
When accessing directory listings for chrome:// URLs as source text, certain parameters are reflected. This vulnerability affects Firefox ESR 102.1, Firefox ESR 91.12, Firefox 103, Thunderbird 102.1, and Thunderbird 91.12...
Astra Linux – Vulnerability in Zabbix
An authenticated user can create a link containing reflected JavaScript code on its own pages and send it to other users. The payload can only be executed with a known CSRF token value of the victim, which is changed periodically and is difficult to predict. Malicious code has access to all the sa...
Astra Linux – Vulnerability in Zabbix
Reflected XSS attacks occur when a malicious script is reflected from a web application into the victim’s browser. The script can be activated through action form fields, which are sent as requests to a website with vulnerabilities that allow the execution of malicious scripts...
Astra Linux – Vulnerability in Zabbix
An authenticated user can create a link containing reflected JavaScript code for the discovery page and send it to other users. The payload can only be executed with a known CSRF token value of the victim, which is changed periodically and is difficult to predict...
dvwa-xss
Cross-Site Scripting (XSS) Attack & Analysis — DVWA. A hands-o...
Exploit for CVE-2026-41200
CVE-2026-41200 — STIG Manager OIDC Reflected XSS PoC Conceptu...
CLSA-2026-1777541147 squid34: Fix of 12 CVEs
CVE-2019-12525: fix heap buffer over-read in Digest auth parameter parsing - CVE-2018-1000027: fix NULL pointer dereference in X-Forwarded-For logging for internal transactions - CVE-2018-19131: escape certificate field injection via %D in ERR_SECURE_CONNECT_FAIL page - CVE-2018-19132: fix memory...
WordPress Advanced Scrollbar – Custom Scrollbar Styling and Behavior plugin <= 1.1.3 - Unauthenticated Reflected Cross-Site Scripting vulnerability
Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin Advanced scrollbar versions <= 1.1.3...
WordPress Auto-Install Free SSL – Generate & Install Free SSL Certificates plugin <= 4.5.0 - Unauthenticated Reflected Cross-Site Scripting vulnerability
Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin Free SSL Certificate Plugin, HTTPS Redirect, Renewal Reminder – Auto-Install Free SSL versions <= 4.5.0...
WordPress AWCA – The Great Analytics Insights for Your eStore plugin <= 3.12.0 - Unauthenticated Reflected Cross-Site Scripting vulnerability
Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin Advanced WC Analytics versions <= 3.12.0...
WordPress Easy Age Verify plugin <= 1.8.5 - Unauthenticated Reflected Cross-Site Scripting vulnerability
Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin Easy Age Verify versions <= 1.8.5...
WordPress EleSpare – News, Magazine and Blog Addons for Elementor plugin <= 3.3.2 - Unauthenticated Reflected Cross-Site Scripting vulnerability
Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin Elespare versions <= 3.3.2...