WordPress plugin Correct Prices 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. Versions...

ATutor 跨站脚本漏洞

ATutor is a set of open-source web-based Learning Content Management Systems LCMS developed by the Atutor team. This system includes modules for teaching content management, forums, chat rooms, etc. Version 2.2.4 of ATutor has a cross-site scripting vulnerability. This vulnerability stems from th...

GeoVision LPC2011和GeoVision LPC2211 跨站脚本漏洞

Both GeoVision LPC2011 and GeoVision LPC2211 are network monitoring devices produced by the Chinese company GeoVision. Version 1.10 of GeoVision LPC2011 and GeoVision LPC2211 contain a cross-site scripting vulnerability. This vulnerability stems from the ssi.cgi function in the Web Interface, whi...

Silverpeas Core 跨站脚本漏洞

Silverpeas Core is an open-source project developed by Silverpeas, used for building and running collaborative and social web portals. Versions of Silverpeas Core prior to 6.4.6 contained a cross-site scripting vulnerability. This vulnerability stemmed from the AdvancedSearch feature having...

Joomla JLex Review 跨站脚本漏洞

Joomla JLex Review is an open-source user comment and rating management extension developed by JLxeArt. Version 6.0.1 of Joomla JLex Review contains a cross-site scripting vulnerability, which stems from improper handling of the reviewid parameter. This vulnerability may lead to reflective...

CVE-2026-33911

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.3, the POST parameter title is reflected back in a JSON response built with jsonencode. Because the response is served with a text/html Content-Type, the browser...

Support Board 跨站脚本漏洞

Support Board is a sales chat software developed by the British company Support Board. Version 3.7.7 of Support Board contains a cross-site scripting vulnerability, which stems from incorrect handling of the parameter 'search' in the file /supportboard/include/articles.php. This vulnerability may...

LASS 跨站脚本漏洞

LASS is an open-source environmental monitoring sensor network system developed by LinkItONEDevGroup. Versions of LASS starting from f06bd20 and earlier have a cross-site scripting vulnerability. This vulnerability stems from the PM25.php file, which contains a reflective cross-site scripting...

OpenText Vertica 跨站脚本漏洞

OpenText Vertica is a relational database management system RDBMS from OpenText Canada. It can efficiently store massive amounts of data. OpenText Vertica has a cross-site scripting vulnerability, which stems from improper input during web page generation. This vulnerability may lead to reflectiv...

International Datacasting SFX Series SuperFlex Satellite Receiver Web management interface 安全漏洞

The International Datacasting SFX Series SuperFlex Satellite Receiver Web management interface is a web-based management backend for the satellite receiver devices produced by the International Datacasting company. Version 101 of the International Datacasting SFX Series SuperFlex Satellite Receiv...

SODOLA SL902-SWTGW124AS 跨站脚本漏洞

SODOLA SL902-SWTGW124AS is an industrial switch manufactured by the Spanish company SODOLA. Versions of SODOLA SL902-SWTGW124AS prior to 200.1.20 contained a cross-site scripting vulnerability. This vulnerability stemmed from a reflective cross-site scripting vulnerability in the management...

WordPress plugin bbpress Simple Advert Units 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application plugin. The WordPre...

Smoothwall Express 跨站脚本漏洞

Smoothwall Express is an open-source firewall operating system based on GNU/Linux, developed by Smoothwall. Version 3.1-SP4-polar-x8664-update9 of Smoothwall Express contains a cross-site scripting vulnerability. This vulnerability stems from multiple reflective cross-site scripting vulnerabiliti...

MiniGal Nano 跨站脚本漏洞

MiniGal Nano is a PHP album program developed by Rybber’s individual developer. Versions of MiniGal Nano prior to 0.3.5 contained a cross-site scripting vulnerability. This vulnerability stemmed from the dir parameter in the index.php file, which allowed for reflective cross-site scripting,...

CVE-2025-71179

Creativeitem Academy LMS 7.0 contains reflected Cross-Site Scripting XSS vulnerabilities via the search parameter to the /academy/blogs endpoint, and the string parameter to the /academy/coursebundles/search/query endpoint. These vulnerabilities are distinct from the patch for CVE-2023-4119, whic...

WordPress plugin Grand Spa has a cross-site scripting vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

Webgrind 跨站脚本漏洞

Webgrind is a web-based PHP performance analysis tool from the individual developer Joakim Nygård. A cross-site scripting vulnerability exists in Webgrind 1.1 and earlier versions, which stems from insufficiently encoded user input in the file parameter of index.php, and could lead to a reflectiv...

CVE-2022-23137

ZTE's ZXCDN product has a reflective XSS vulnerability. The attacker could modify the parameters in the content clearing request url, and when a user clicks the url, an XSS attack will be triggered...

WordPress plugin MG AdvancedOptions 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site scripting...

Tarkov Data Manager 跨站脚本漏洞

Tarkov Data Manager is a database management tool from The Hideout open source. A cross-site scripting vulnerability exists in versions of Tarkov Data Manager prior to 02/01/2025, which stems from the presence of reflective cross-site scripting in the toast notification system that could lead to ...