CVE-2026-30569

A Reflected Cross-Site Scripting XSS vulnerability exists in SourceCodester Sales and Inventory System 1.0. The vulnerability is located in the viewstockavailability.php file via the "limit" parameter. The application fails to sanitize the input, allowing remote attackers to inject arbitrary web...

CVE-2026-30570

CVE-2026-30570 affects SourceCodester Sales and Inventory System 1.0. The vulnerability is a Reflected Cross-Site Scripting (XSS) in view_sales.php via the limit parameter, where input is not sanitized, allowing remote attackers to inject arbitrary web scripts or HTML through a crafted URL. Conne...

CVE-2026-30567

A Reflected Cross-Site Scripting XSS vulnerability exists in SourceCodester Sales and Inventory System 1.0 in the viewproduct.php file via the "limit" parameter. The application fails to sanitize the input, allowing remote attackers to inject arbitrary web script or HTML via a crafted URL...

CVE-2026-30571

A Reflected Cross-Site Scripting XSS vulnerability exists in SourceCodester Sales and Inventory System 1.0 in the viewcategory.php file via the "limit" parameter. The application fails to sanitize the input, allowing remote attackers to inject arbitrary web script or HTML via a crafted URL...

CVE-2026-30570

A Reflected Cross-Site Scripting XSS vulnerability exists in SourceCodester Sales and Inventory System 1.0 in the viewsales.php file via the "limit" parameter. The application fails to sanitize the input, allowing remote attackers to inject arbitrary web script or HTML via a crafted URL...

PT-2026-28410

A Reflected Cross-Site Scripting XSS vulnerability exists in SourceCodester Inventory System 1.0. The vulnerability is located in the view stock availability.php file via the "limit" parameter. The application fails to sanitize the input, allowing remote attackers to inject arbitrary web script o...

Exploit for CVE-2026-29971

CVE-2026-29971 An attacker can execute arbitrary JavaScript in...

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS in the OIDC authentication error message handling process. An attacker can execute arbitrary JavaScript in the context of the user's browser by crafting a malicious input that is reflected in the error message...

GO-2026-4861 Hydra has Reflected XSS via error_hint parameter in github.com/ory/hydra

Hydra has Reflected XSS via errorhint parameter in github.com/ory/hydra. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from vulnerability scanners, please...

GHSA-3JG4-P23X-P4QX Statamic has Reflected XSS via unescaped redirect parameter in its password reset form tag

Impact The user:resetpasswordform tag could render user-input directly into HTML without escaping, allowing an attacker to craft a URL that executes arbitrary JavaScript in the victim's browser. Patches This has been fixed in 5.73.16 and 6.7.2...

Statamic has Reflected XSS via unescaped redirect parameter in its password reset form tag

Impact The user:resetpasswordform tag could render user-input directly into HTML without escaping, allowing an attacker to craft a URL that executes arbitrary JavaScript in the victim's browser. Patches This has been fixed in 5.73.16 and 6.7.2...

CVE-2025-69096

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in G5Theme Zorka zorka allows Reflected XSS.This issue affects Zorka: from n/a through = 1.5.7...

CVE-2026-25033

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in uixthemes Motta Addons motta-addons allows Reflected XSS.This issue affects Motta Addons: from n/a through 1.6.1...

CVE-2026-25356

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in skygroup Yobazar yobazar allows Reflected XSS.This issue affects Yobazar: from n/a through 1.6.7...

CVE-2026-25383

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Iqonic Design KiviCare kivicare-clinic-management-system allows Reflected XSS.This issue affects KiviCare: from n/a through = 3.6.16...

CVE-2026-25352

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in skygroup MyDecor mydecor allows Reflected XSS.This issue affects MyDecor: from n/a through 1.5.9...

CVE-2026-25361

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in magepeopleteam WpEvently mage-eventpress allows Reflected XSS.This issue affects WpEvently: from n/a through = 5.1.4...

CVE-2026-25013

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WHMCSdes Phox Hosting phox-host allows Reflected XSS.This issue affects Phox Hosting: from n/a through = 2.0.8...

CVE-2026-25350

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in skygroup Miti miti allows Reflected XSS.This issue affects Miti: from n/a through 1.5.3...

CVE-2026-25349

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in skygroup Loobek loobek allows Reflected XSS.This issue affects Loobek: from n/a through 1.5.2...