CVE-2025-8276

CVE-2025-8276 affects Patika Global Technologies’ HumanSuite (prior to 53.21.0). The issue stems from improper encoding/escaping of output and insufficient neutralization of input in web page generation, enabling Cross-Site Scripting (XSS) and injection-style risks (including potential code/data ...

CVE-2025-8276 HTML Injection in Patika Global Technologies' HumanSuite

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting', Improper Encoding or Escaping of Output, Improper Neutralization of Special Elements in Output Used by a Downstream Component 'Injection' vulnerability in Patika Global Technologies HumanSuite allows...

CVE-2025-8276 HTML Injection in Patika Global Technologies' HumanSuite

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting', Improper Encoding or Escaping of Output, Improper Neutralization of Special Elements in Output Used by a Downstream Component 'Injection' vulnerability in Patika Global Technologies HumanSuite allows...

CVE-2025-47694 WordPress Blog Designer PRO plugin <= 3.4.7 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in solwin Blog Designer PRO blog-designer-pro.This issue affects Blog Designer PRO: from n/a through = 3.4.7...

CVE-2025-53693

Use of Externally-Controlled Input to Select Classes or Code 'Unsafe Reflection' vulnerability in Sitecore Sitecore Experience Manager XM, Sitecore Experience Platform XP allows Cache Poisoning.This issue affects Sitecore Experience Manager XM: from 9.0 through 9.3, from 10.0 through 10.4;...

Yii Framework < 2.0.52 Unsafe Reflection Regression (GHSA-ggwg-cmwp-46r5)

The version of Yii Framework installed on the remote host is prior to 2.0.52. It is, therefore, affected by an unsafe reflection vulnerability. - Yii 2 before 2.0.52 mishandles the attaching of behavior that is defined by an class array key, a CVE-2024-4990 regression, as exploited in the wild in...

Mautic vulnerable to reflected XSS in lead:addLeadTags - Quick Add

Summary A Cross-Site Scripting XSS vulnerability allows an attacker to execute arbitrary JavaScript in the context of another user’s session. This occurs because user-supplied input is reflected back in the server’s response without proper sanitization or escaping, potentially enabling malicious...

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the lead:addLeadTags process. An attacker can execute arbitrary JavaScript in another user's browser session by injecting malicious input into the Tags field, which is reflected in the server's response...

CVE-2025-9823 Reflected XSS in lead:addLeadTags - Quick Add

SummaryA Cross-Site Scripting XSS vulnerability allows an attacker to execute arbitrary JavaScript in the context of another user’s session. This occurs because user-supplied input is reflected back in the server’s response without proper sanitization or escaping, potentially enabling malicious...

CVE-2025-53693

Use of Externally-Controlled Input to Select Classes or Code 'Unsafe Reflection' vulnerability in Sitecore Sitecore Experience Manager XM, Sitecore Experience Platform XP allows Cache Poisoning.This issue affects Sitecore Experience Manager XM: from 9.0 through 9.3, from 10.0 through 10.4;...

CVE-2025-53693 HTML Cache Poisoning through Unsafe Reflections

Use of Externally-Controlled Input to Select Classes or Code 'Unsafe Reflection' vulnerability in Sitecore Sitecore Experience Manager XM, Sitecore Experience Platform XP allows Cache Poisoning.This issue affects Sitecore Experience Manager XM: from 9.0 through 9.3, from 10.0 through 10.4;...

CVE-2025-53693

CVE-2025-53693 is an HTML cache poisoning vulnerability in Sitecore Experience Manager (XM) and Experience Platform (XP) caused by using externally-controlled input to select classes or code (Unsafe Reflection). Affected products: XM 9.0–9.3 and 10.0–10.4; XP 9.0–9.3 and 10.0–10.4. The underlying...

CVE-2025-53693 HTML Cache Poisoning through Unsafe Reflections

Use of Externally-Controlled Input to Select Classes or Code 'Unsafe Reflection' vulnerability in Sitecore Sitecore Experience Manager XM, Sitecore Experience Platform XP allows Cache Poisoning.This issue affects Sitecore Experience Manager XM: from 9.0 through 9.3, from 10.0 through 10.4;...

Mautic 安全漏洞

Mautic is an open source marketing automation software from Mautic Open Source. The software monitors and manages websites, sends emails and manages customer resources. A security vulnerability exists in Mautic that stems from user-supplied input being reflected back as a response in the server...

Linux Distros Unpatched Vulnerability : CVE-2018-18541

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Teeworlds before 0.6.5, connection packets could be forged. There was no challenge-response involved in the connection build up. A remote attacker could send...

Linux Distros Unpatched Vulnerability : CVE-2024-45699

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The endpoint /zabbix.php?action=export.valuemaps suffers from a Cross-Site Scripting vulnerability via the backurl parameter. This is caused by the reflection o...

Linux Distros Unpatched Vulnerability : CVE-2022-30287

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Horde Groupware Webmail Edition through 5.2.22 allows a reflection injection attack through which an attacker can instantiate a driver class. This then leads to...

Next.js Improper Middleware Redirect Handling Leads to SSRF

A vulnerability in Next.js Middleware has been fixed in v14.2.32 and v15.4.7. The issue occurred when request headers were directly passed into NextResponse.next. In self-hosted applications, this could allow Server-Side Request Forgery SSRF if certain sensitive headers from the incoming request...

Secure Satellite Communications Via Multiple Aerial RISs: Joint Optimization of Reflection, Association, and Deployment

Satellite communication is envisioned as a key enabler of future 6G networks, yet its wide coverage with high link attenuation poses significant challenges for physical layer security. In this paper, we investigate secure multi-beam, multi-group satellite communications assisted by aerial...

Linux Distros Unpatched Vulnerability : CVE-2018-1000613

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Legion of the Bouncy Castle Legion of the Bouncy Castle Java Cryptography APIs 1.58 up to but not including 1.60 contains a CWE-470: Use of Externally-Controlle...