
32428 matches found

CVE
added 2026/03/30 12:00 a.m. | 11 views

CVE-2026-30556

The CVE-2026-30556 entry concerns SourceCodester Sales and Inventory System 1.0, where index.php is vulnerable via the msg parameter. It is a reflected XSS caused by insufficient input sanitization, allowing remote attackers to inject arbitrary scripts/HTML when a crafted URL is visited. Corrobor...

CVSS 6.1 | AI score 6 | EPSS 0.00252
Exploits: 1 | References: 1 | Affected Software: 1
Positive Technologies
added 2026/03/30 12:00 a.m. | 4 views

PT-2026-29053

A Reflected Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Sales and Inventory System 1.0. The vulnerability is located in the index.php file via the "msg" parameter. The application fails to sanitize the input, allowing remote attackers to inject arbitrary web script or HTML via...

AI score 6 | EPSS 0.00252
Exploits: 1 | References: 2
CVE
added 2026/03/27 8:37 p.m. | 9 views

CVE-2026-33883

Overview: CVE-2026-33883 affects Statamic CMS (Laravel/Git-powered). Prior to versions 5.73.16 and 6.7.2, the tag user:reset_password_form could render user input directly into HTML without escaping, enabling a reflected XSS via a crafted URL that executes arbitrary JavaScript in a victim’s brows...

CVSS 6.1 | AI score 5.9 | EPSS 0.00149
Exploits: 0 | References: 1 | Affected Software: 1
Vulnrichment
added 2026/03/27 6:17 p.m. | 2 views

CVE-2026-34375 AVideo Vulnerable to Reflected XSS via Unsanitized plugin Parameter in YPTWallet Stripe Payment Page

WWBN AVideo is an open source video platform. In versions up to and including 26.0, the YPTWallet Stripe payment confirmation page directly echoes the $_REQUEST['plugin'] parameter into a JavaScript block without any encoding or sanitization. The plugin parameter is not included in any of the...

CVSS 8.2 | AI score 6 | EPSS 0.00296
Exploits: 1 | References: 2
CVE
added 2026/03/27 6:17 p.m. | 15 views

CVE-2026-34375

CVE-2026-34375 : WWBN AVideo

CVSS 8.2 | AI score 6 | EPSS 0.00296
Exploits: 1 | References: 2 | Affected Software: 1
Cvelist
added 2026/03/27 6:17 p.m. | 20 views

CVE-2026-34375 AVideo Vulnerable to Reflected XSS via Unsanitized plugin Parameter in YPTWallet Stripe Payment Page

WWBN AVideo is an open source video platform. In versions up to and including 26.0, the YPTWallet Stripe payment confirmation page directly echoes the $_REQUEST['plugin'] parameter into a JavaScript block without any encoding or sanitization. The plugin parameter is not included in any of the...

CVSS 8.2 | EPSS 0.00296
Exploits: 1 | References: 2
OSV
added 2026/03/27 6:17 p.m. | 3 views

CVE-2026-34375 AVideo Vulnerable to Reflected XSS via Unsanitized plugin Parameter in YPTWallet Stripe Payment Page

WWBN AVideo is an open source video platform. In versions up to and including 26.0, the YPTWallet Stripe payment confirmation page directly echoes the $_REQUEST['plugin'] parameter into a JavaScript block without any encoding or sanitization. The plugin parameter is not included in any of the...

CVSS 8.2 | AI score 6 | EPSS 0.00296
Exploits: 1 | References: 4
NVD
added 2026/03/27 6:16 p.m. | 4 views

CVE-2026-30568

A Reflected Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Sales and Inventory System 1.0 in the viewpurchase.php file via the "limit" parameter. The application fails to sanitize the input, allowing remote attackers to inject arbitrary web script or HTML via a crafted URL...

CVSS 4.8 | EPSS 0.00241
Exploits: 1 | References: 1
NVD
added 2026/03/27 6:16 p.m. | 13 views

CVE-2026-30567

A Reflected Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Sales and Inventory System 1.0 in the viewproduct.php file via the "limit" parameter. The application fails to sanitize the input, allowing remote attackers to inject arbitrary web script or HTML via a crafted URL...

CVSS 6.1 | EPSS 0.00271
Exploits: 1 | References: 1
NVD
added 2026/03/27 5:16 p.m. | 2 views

CVE-2026-30570

A Reflected Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Sales and Inventory System 1.0 in the viewsales.php file via the "limit" parameter. The application fails to sanitize the input, allowing remote attackers to inject arbitrary web script or HTML via a crafted URL...

CVSS 6.1 | EPSS 0.00266
Exploits: 1 | References: 1
NVD
added 2026/03/27 5:16 p.m. | 9 views

CVE-2026-30569

A Reflected Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Sales and Inventory System 1.0. The vulnerability is located in the viewstockavailability.php file via the "limit" parameter. The application fails to sanitize the input, allowing remote attackers to inject arbitrary web...

CVSS 6.1 | EPSS 0.00266
Exploits: 1 | References: 1
EUVD
added 2026/03/27 3:30 p.m. | 5 views

EUVD-2025-209096

A Reflected Cross-Site Scripting (XSS) vulnerability has been identified in DSpace JSPUI 6.5 within the search/discover filtering functionality. The vulnerability exists due to improper sanitization of user-supplied input via the filtertype1 parameter...

AI score 5.7 | EPSS 0.00278
Exploits: 1 | References: 4
RedhatCVE
added 2026/03/27 2:25 p.m. | 6 views

CVE-2021-27340

OpenSIS Community Edition version = 7.6 is affected by a reflected XSS vulnerability in EmailCheck.php via the "opt" parameter...

CVSS 6.1 | AI score 6 | EPSS 0.01064
Exploits: 0 | References: 1
Cvelist
added 2026/03/27 2:12 p.m. | 27 views

CVE-2026-33758 OpenBao has Reflected XSS in its OIDC authentication error message

OpenBao is an open source identity-based secrets management system. Prior to version 2.5.2, OpenBao installations that have an OIDC/JWT authentication method enabled and a role with callback_mode=direct configured are vulnerable to XSS via the error_description parameter on the page for a failed...

CVSS 9.4 | EPSS 0.00259
Exploits: 0 | References: 4
CVE
added 2026/03/27 2:12 p.m. | 15 views

CVE-2026-33758

CVE-2026-33758 affects OpenBao before 2.5.2. When OIDC/JWT auth is enabled and a role has callback_mode=direct, an XSS flaw exists in the error_description parameter during failed authentication, enabling access to the token used in the Web UI. The issue is fixed in v2.5.2; mitigation is to remov...

CVSS 9.4 | AI score 5.8 | EPSS 0.00259
Exploits: 0 | References: 4 | Affected Software: 1
RedhatCVE
added 2026/03/27 4:59 a.m. | 5 views

CVE-2026-1986

The FloristPress for Woo – Customize your eCommerce store for your Florist plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'noresults' parameter in all versions up to, and including, 7.8.2 due to insufficient input sanitization and output escaping on the user supplied...

CVSS 6.1 | AI score 6 | EPSS 0.0027
Exploits: 0 | References: 1
ATTACKERKB
added 2026/03/27 12:00 a.m. | 1 view

CVE-2026-30569

A Reflected Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Sales and Inventory System 1.0. The vulnerability is located in the viewstockavailability.php file via the "limit" parameter. The application fails to sanitize the input, allowing remote attackers to inject arbitrary web...

CVSS 6.1 | AI score 6 | EPSS 0.00266
Exploits: 1 | References: 2
CVE
added 2026/03/27 12:00 a.m. | 8 views

CVE-2026-30568

CVE-2026-30568 describes a reflected XSS in SourceCodester Sales and Inventory System 1.0, arising from the view_purchase.php file via the limiter parameter. The input is not properly sanitized, enabling arbitrary script/HTML injection when a crafted URL is accessed. Connected sources consistentl...

CVSS 4.8 | AI score 6 | EPSS 0.00241
Exploits: 1 | References: 1 | Affected Software: 1
Cvelist
added 2026/03/27 12:00 a.m. | 20 views

CVE-2026-30571

A Reflected Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Sales and Inventory System 1.0 in the viewcategory.php file via the "limit" parameter. The application fails to sanitize the input, allowing remote attackers to inject arbitrary web script or HTML via a crafted URL...

EPSS 0.00266
Exploits: 1 | References: 1
Vulnrichment
added 2026/03/27 12:00 a.m. | 2 views

CVE-2025-61190

A Reflected Cross-Site Scripting (XSS) vulnerability has been identified in DSpace JSPUI 6.5 within the search/discover filtering functionality. The vulnerability exists due to improper sanitization of user-supplied input via the filtertype1 parameter...

AI score 5.7 | EPSS 0.00278
Exploits: 1 | References: 3