CVE-2026-27683 Reflected cross site scripting vulnerability in SAP BusinessObjects Business Intelligence Platform

SAP BusinessObjects Business Intelligence application allows an authenticated attacker to inject malicious JavaScript payloads through crafted URLs. When a victim accesses the URL, the script executes in the user�s browser, potentially exposing restricted information. This results in a low impact...

CVE-2025-65136

In manikandan580 School-management-system 1.0, a reflected XSS vulnerability exists in /studentms/admin/contact-us.php via the pagedes POST parameter...

CVE-2025-65134

In manikandan580 School-management-system 1.0, a reflected cross-site scripting XSS vulnerability exists in /studentms/admin/contact-us.php via the email POST parameter...

CVE-2025-65136

In manikandan580 School-management-system 1.0, a reflected XSS vulnerability exists in /studentms/admin/contact-us.php via the pagedes POST parameter...

PT-2026-32660

CVE-2025-65136 In manikandan580 School-management-system 1.0, a reflected XSS vulnerability exists in /studentms/admin/contact-us.php via the pagedes POST parameter. https://t.co/Nv3V9nifh4...

PT-2026-32721

Adobe Connect versions 2025.3, 12.10 and earlier are affected by a reflected Cross-Site Scripting XSS vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser...

CVE-2025-65134

CVE-2025-65134 affects manikandan580 School-management-system 1.0. A reflected XSS in /studentms/admin/contact-us.php via the email POST parameter is reported. The CVSS 3.1 base metrics show Network attack vector, Low complexity, No privileges, user interaction required, with Confidentiality and ...

CVE-2025-65136

Summary: CVE-2025-65136 affects the Manikandan580 School-management-system 1.0. The vulnerability is a reflected XSS in the admin-facing page /studentms/admin/contact-us.php, exploitable via the pagedes POST parameter. The accompanying data from multiple sources (NVD, EUVD-ENISA, CVE lists, and v...

School-Management-System 安全漏洞

School-Management-System is a school management system developed by Lahiru Danushka. Version 1.0 of School-Management-System has security vulnerabilities, which stem from improper handling of email POST parameters in the file /studentms/admin/contact-us.php. This could lead to reflection-type...

PT-2026-32763

Adobe Connect versions 2025.3, 12.10 and earlier are affected by a reflected Cross-Site Scripting XSS vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser...

CVE-2025-70936

Vtiger CRM 8.4.0 contains a reflected cross-site scripting XSS vulnerability in the MailManager module. Improper handling of user-controlled input in the folder parameter allows a specially crafted, double URL-encoded payload to be reflected and executed in the context of an authenticated user s...

PT-2026-32520

Name of the Vulnerable Software and Affected Versions Vtiger CRM version 8.4.0 Description A reflected cross-site scripting XSS issue exists in the MailManager module, where XSS is a type of attack that injects malicious scripts into a trusted website. Improper handling of user-controlled input i...

CVE-2025-70936

Vtiger CRM 8.4.0 contains a reflected cross-site scripting XSS vulnerability in the MailManager module. Improper handling of user-controlled input in the folder parameter allows a specially crafted, double URL-encoded payload to be reflected and executed in the context of an authenticated user s...

📄 Omega-PSIR Cross Site Scripting

Omega-PSIR suffers from a cross site scripting vulnerability via the lang parameter. CVE-2026-1434: Omega-PSIR is vulnerable to Reflected XSS via the lang parameter. An attacker can craft a... Overview | Field | Details | |---|---| | CVE ID | CVE-2026-1434 | | Severity | MEDIUM | | Advisory | N/A...

Vtiger CRM 安全漏洞

Vtiger CRM is a customer relationship management system developed by Vtiger Corporation in the United States, based on SugarCRM. This system provides functions for managing, collecting, and analyzing customer information. Version Vtiger CRM 8.4.0 has a security vulnerability, which stems from...

CVE-2026-31845

A reflected cross-site scripting XSS vulnerability exists in Rukovoditel CRM version 3.6.4 and earlier in the Zadarma telephony API endpoint /api/tel/zadarma.php. The application directly reflects user-supplied input from the 'zdecho' GET parameter into the HTTP response without proper...

CVE-2026-5226

The Optimole – Optimize Images in Real Time plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via URL paths in versions up to, and including, 4.2.3 This is due to insufficient output escaping on user-supplied URL paths in the getcurrenturl function, which are inserted into...

CVE-2026-5226 Optimole <= 4.2.3 - Reflected Cross-Site Scripting via Page Profiler URL

The Optimole – Optimize Images in Real Time plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via URL paths in versions up to, and including, 4.2.3 This is due to insufficient output escaping on user-supplied URL paths in the getcurrenturl function, which are inserted into...

CVE-2026-5226 Optimole <= 4.2.3 - Reflected Cross-Site Scripting via Page Profiler URL

The Optimole – Optimize Images in Real Time plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via URL paths in versions up to, and including, 4.2.3 This is due to insufficient output escaping on user-supplied URL paths in the getcurrenturl function, which are inserted into...

CVE-2026-5226

The CVE concerns the WordPress plugin Optimole – Optimize Images in Real Time, affected up to version 4.2.3. It describes a Reflected Cross-Site Scripting (XSS) flaw caused by insufficient output escaping of user-supplied URL paths in get_current_url(), which are inserted into JavaScript by repla...