CVE-2024-49632

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Senthil Vel CWD 3D Image Gallery cwd-3d-image-gallery allows Reflection Injection.This issue affects CWD 3D Image Gallery: from n/a through = 1.0...

CVE-2024-0200

An unsafe reflection vulnerability was identified in GitHub Enterprise Server that could lead to reflection injection. This vulnerability could lead to the execution of user-controlled methods and remote code execution. To exploit this bug, an actor would need to be logged into an account on the...

XVIDEOS: Error Page Content Spoofing or Text Injection

The content spoofing vulnerability on multi.xnxx.com allowed arbitrary text to be injected into error pages. The injected content was reflected back to users under the trusted domain, which could have been exploited for social engineering attacks...

PT-2025-4962 · Unknown · Notifikácie.Sk

Name of the Vulnerable Software and Affected Versions: Notifikácie.sk versions n/a through 1.0 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting XSS. Specifically, it is a Reflected XSS vulnerability. This means th...

Remote Code Execution (RCE)

system.linq.dynamic.core is vulnerable to Remote code execution RCE. The vulnerability is due to insufficient input validation and improper access control when handling reflection types and static properties/fields in the System.Linq.Dynamic.Core library, allows remote access without proper...

PT-2025-4948 · Cubepm · Cubepm

Name of the Vulnerable Software and Affected Versions: CubePM versions n/a through 1.0 Description: The issue is related to improper neutralization of input during web page generation, which allows for reflected Cross-site Scripting XSS. This means that an attacker can inject malicious scripts in...

PT-2025-5500 · WordPress · Wp Multi Store Locator

Name of the Vulnerable Software and Affected Versions: WP Multi Store Locator versions 2.4.7 and earlier Description: The issue is related to improper neutralization of script-related HTML tags in a web page, which allows for Reflected XSS attacks. This means that an attacker can inject malicious...

CVE-2025-24025

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.380, the tags page allows users to search for tags. If the search does not return any results, the query gets reflected on the error modal, which leads to cross-site...

Coolify 安全漏洞

Coolify is an open source and self-hosted alternative to Heroku/Netlify/Vercel. coolLabs Coolify suffers from a cross-site scripting vulnerability that stems from allowing a user to search for tags on a tabbed page, and if the search does not return any results, the query is reflected in an error...

PT-2025-4959 · Dforms · Dforms

Name of the Vulnerable Software and Affected Versions: dForms versions n/a through 1.0 Description: The issue is related to improper neutralization of input during web page generation, also known as 'Cross-site Scripting', which allows Reflected XSS. This enables potential attackers to inject...

Information Exposure

Overview Affected versions of this package are vulnerable to Information Exposure due to improper handling of property access on reflection types and static properties/fields. An attacker can list installed nuget packages' names and versions through attributes and base types they require by...

GHSA-4CV2-4HJH-77RX Property reflection in System.Linq.Dynamic.Core

An issue in System.Linq.Dynamic.Core versions before v.1.6.0 allow remote access to properties on reflection types and static properties/fields...

Property reflection in System.Linq.Dynamic.Core

An issue in System.Linq.Dynamic.Core versions before v.1.6.0 allow remote access to properties on reflection types and static properties/fields...

CVE-2024-51417

An issue in System.Linq.Dynamic.Core before 1.6.0 allows remote access to properties on reflection types and static properties/fields...

CVE-2024-51417

An issue in System.Linq.Dynamic.Core before 1.6.0 allows remote access to properties on reflection types and static properties/fields...

CVE-2024-51417

An issue in System.Linq.Dynamic.Core before 1.6.0 allows remote access to properties on reflection types and static properties/fields...

CVE-2024-51417

CVE-2024-51417 affects System.Linq.Dynamic.Core prior to 1.6.0. It allows remote access to properties on reflection types and static properties/fields. Affects versions before 1.6.0; remediation is to upgrade to version 1.6.0 or later. Connected sources confirm Red Hat, Veracode, GitHub advisorie...

CVE-2024-51417

An issue in System.Linq.Dynamic.Core before 1.6.0 allows remote access to properties on reflection types and static properties/fields...

PT-2025-2899 · Unknown · System.Linq.Dynamic.Core

Name of the Vulnerable Software and Affected Versions: System.Linq.Dynamic.Core versions prior to 1.6.0 Description: An issue in System.Linq.Dynamic.Core allows remote access to properties on reflection types and static properties/fields. Recommendations: For versions prior to 1.6.0, update to...

PT-2025-5149 · Unknown · Rollover Tab

Name of the Vulnerable Software and Affected Versions: Rollover Tab versions 1.3.2 and earlier Description: The issue is related to improper neutralization of input during web page generation, which allows stored Cross-site Scripting XSS. This means an attacker can inject malicious scripts into t...