
32428 matches found

IBM Security Bulletins
added 2026/04/30 3:31 p.m. | 7 views

Security Bulletin: IBM Sterling B2B Integrator and IBM Sterling File Gateway are Vulnerable due to reflected XSS vulnerability in AFT (CVE-2026-0835)

Summary: IBM Sterling B2B Integrator and IBM Sterling File Gateway have addressed a reflected XSS vulnerability. Vulnerability Details: CVEID: CVE-2026-0835. DESCRIPTION: IBM Sterling B2B Integrator and IBM Sterling File Gateway are vulnerable to cross-site scripting. This vulnerability allows an...

CVSS 5.4 | AI score 5.6 | EPSS 0.0021
Exploits: 0 | Affected Software: 1

OSV
added 2026/04/30 8:56 a.m. | 7 views

CLSA-2026-1777539404 squid34: Fix of 12 CVEs

- CVE-2019-12525: fix heap buffer over-read in Digest auth parameter parsing
- CVE-2018-1000027: fix NULL pointer dereference in X-Forwarded-For logging for internal transactions
- CVE-2018-19131: escape certificate field injection via %D in ERR_SECURE_CONNECT_FAIL page
- CVE-2018-19132: fix memory...

CVSS 9.8 | AI score 6.7 | EPSS 0.74477
Exploits: 2 | References: 1

Github Security Blog
added 2026/04/29 9:51 p.m. | 9 views

Admidio vulnerable to reflected XSS in msg_window.php via Square Bracket to HTML Tag Conversion

Summary: An unauthenticated attacker can execute arbitrary JavaScript in any Admidio user's browser through a reflected XSS in system/msg_window.php. The endpoint passes user input through htmlspecialchars, which does not encode square brackets. A subsequent call to Language::prepareTextPlaceholder...

CVSS 6.1 | AI score 6 | EPSS 0.00181
Exploits: 0 | References: 4 | Affected Software: 1

OSV
added 2026/04/29 9:1 p.m. | 5 views

GHSA-55WF-5M3Q-6JJF ipl/web is vulnerable to reflected XSS by malformed search requests

Impact: The vulnerability allows an attacker to inject malicious JavaScript into a victim's browser to run it in the context of Icinga Web. The victim needs to visit a specifically prepared website and may have no immediate chance to notice any wrongdoing. Patches: Version 0.13.1 includes a fix for...

CVSS 7.6 | AI score 5.8 | EPSS 0.00259
Exploits: 0 | References: 6

Github Security Blog
added 2026/04/29 9:1 p.m. | 10 views

ipl/web is vulnerable to reflected XSS by malformed search requests

Impact: The vulnerability allows an attacker to inject malicious JavaScript into a victim's browser to run it in the context of Icinga Web. The victim needs to visit a specifically prepared website and may have no immediate chance to notice any wrongdoing. Patches: Version 0.13.1 includes a fix for...

CVSS 7.6 | AI score 5.3 | EPSS 0.00259
Exploits: 0 | References: 6 | Affected Software: 1

CVE
added 2026/04/29 10:40 a.m. | 16 views

CVE-2026-42652

CVE-2026-42652 pertains to the WordPress plugin User Registration (versions

CVSS 7.1 | AI score 5.2 | EPSS 0.00149
Exploits: 0 | References: 1

EUVD
added 2026/04/29 10:40 a.m. | 2 views

EUVD-2026-26219

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in wpeverest User Registration user-registration allows Reflected XSS. This issue affects User Registration: from n/a through = 5.1.5...

CVSS 7.1 | AI score 5.2 | EPSS 0.00149
Exploits: 0 | References: 1

EUVD
added 2026/04/29 8:8 a.m. | 4 views

EUVD-2025-209586

The authentication endpoint accepts user-supplied input without enforcing expected validation constraints, leading to a lack of proper output encoding. This allows for the injection of malicious JavaScript payloads, enabling reflected cross-site scripting. An attacker can leverage this...

CVSS 6.1 | AI score 5.3 | EPSS 0.00173
Exploits: 0 | References: 1

Cvelist
added 2026/04/29 8:8 a.m. | 31 views

CVE-2025-10503 Reflected Cross-Site Scripting via Authentication Endpoint in WSO2 Identity Server

The authentication endpoint accepts user-supplied input without enforcing expected validation constraints, leading to a lack of proper output encoding. This allows for the injection of malicious JavaScript payloads, enabling reflected cross-site scripting. An attacker can leverage this...

CVSS 6.1 | EPSS 0.00173
Exploits: 0 | References: 1

ATTACKERKB
added 2026/04/29 8:8 a.m. | 6 views

CVE-2025-10503

The authentication endpoint accepts user-supplied input without enforcing expected validation constraints, leading to a lack of proper output encoding. This allows for the injection of malicious JavaScript payloads, enabling reflected cross-site scripting. An attacker can leverage this...

CVSS 6.1 | AI score 5.3 | EPSS 0.00173
Exploits: 0 | References: 2 | Affected Software: 1

CVE
added 2026/04/29 8:8 a.m. | 11 views

CVE-2025-10503

WSO2 Identity Server: CVE-2025-10503 is a reflected cross-site scripting flaw in the authentication endpoint caused by insufficient output encoding for user-supplied input. This allows injection of malicious JavaScript payloads that can redirect users, alter the UI, or retrieve information from t...

CVSS 6.1 | AI score 5.4 | EPSS 0.00173
Exploits: 0 | References: 1 | Affected Software: 1

RedhatCVE
added 2026/04/29 1:44 a.m. | 5 views

CVE-2026-37750

A reflected Cross-Site Scripting (XSS) vulnerability in School Management System by mahmoudai1 allows unauthenticated remote attackers to execute arbitrary JavaScript in victims' browsers via the unsanitized type parameter in register.php...

CVSS 6.1 | AI score 5.7 | EPSS 0.0037
Exploits: 1 | References: 1

Positive Technologies
added 2026/04/29 12:0 a.m. | 7 views

PT-2026-35907

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in wpeverest User Registration user-registration allows Reflected XSS. This issue affects User Registration: from n/a through = 5.1.5...

CVSS 7.1 | AI score 5.2 | EPSS 0.00149
Exploits: 0 | References: 1

Positive Technologies
added 2026/04/29 12:0 a.m. | 5 views

PT-2026-35879

Name of the Vulnerable Software and Affected Versions: The product name cannot be determined; affected versions not specified. Description: The authentication endpoint accepts user-supplied input without enforcing expected validation constraints, leading to a lack of proper output encoding. This allo...

CVSS 6.1 | AI score 4.9 | EPSS 0.00173
Exploits: 0 | References: 7

RedhatCVE
added 2026/04/28 7:22 a.m. | 3 views

CVE-2026-27243

Adobe Connect versions 2025.3, 12.10 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. An attacker could exploit this vulnerability to inject malicious scripts into a web page, potentially gaining elevated access or control over the victim's account or session...

CVSS 9.3 | AI score 5.2 | EPSS 0.00304
Exploits: 0 | References: 1

RedhatCVE
added 2026/04/28 7:22 a.m. | 4 views

CVE-2026-27245

Adobe Connect versions 2025.3, 12.10 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. An attacker could exploit this vulnerability to inject malicious scripts into a web page, potentially gaining elevated access or control over the victim's account or session...

CVSS 9.3 | AI score 5.2 | EPSS 0.00304
Exploits: 0 | References: 1

Vulnrichment
added 2026/04/28 12:0 a.m. | 4 views

CVE-2026-37750

A reflected Cross-Site Scripting (XSS) vulnerability in School Management System by mahmoudai1 allows unauthenticated remote attackers to execute arbitrary JavaScript in victims' browsers via the unsanitized type parameter in register.php...

AI score 5.8 | EPSS 0.0037
Exploits: 1 | References: 3

CVE
added 2026/04/28 12:0 a.m. | 8 views

CVE-2026-37750

CVE-2026-37750 is a real, in-the-wild reflected XSS in the School Management System (vendor: mahmoudai1, product: School Management System, version 1.0). The vulnerability is triggered via the unsanitized type parameter in register.php, where user input is echoed back (e.g., echo ucfirst($_REQUES...

CVSS 6.1 | AI score 5.7 | EPSS 0.0037
Exploits: 1 | References: 3

GithubExploit
added 2026/04/27 5:0 p.m. | 88 views

reflected-xss-demo

Reflected XSS Demo Small intentionally vulnerable loca...

AI score 5.2
Exploits: 0

CVE
added 2026/04/27 12:0 a.m. | 17 views

CVE-2026-38936

Diskover-Community

CVSS 6.1 | AI score 4.8 | EPSS 0.00235
Exploits: 0 | References: 3