1274 matches found

CNNVD
added 2026/03/13 12:0 a.m. | 4 views

OpenText Vertica Cross-Site Scripting Vulnerability

OpenText Vertica is a relational database management system (RDBMS) from OpenText Canada. It can efficiently store massive amounts of data. OpenText Vertica has a cross-site scripting vulnerability, which stems from improper input during web page generation. This vulnerability may lead to reflectiv...

6.1 CVSS | 5.6 AI score | 0.00181 EPSS
Exploits 0 | References 1
Vulnrichment
added 2026/03/11 5:37 p.m. | 4 views

CVE-2026-31859 Craft has Reflective XSS via incomplete return URL sanitization

Craft is a content management system (CMS). The fix for CVE-2025-35939 in craftcms/cms introduced a striptags call in src/web/User.php to sanitize return URLs before they are stored in the session. However, striptags only removes HTML tags (angle brackets) -- it does not inspect or filter URL schemes...

6.9 CVSS | 7.5 AI score | 0.00185 EPSS
Exploits 0 | References 1
OSV
added 2026/03/11 5:37 p.m. | 5 views

CVE-2026-31859 Craft has Reflective XSS via incomplete return URL sanitization

Craft is a content management system (CMS). The fix for CVE-2025-35939 in craftcms/cms introduced a striptags call in src/web/User.php to sanitize return URLs before they are stored in the session. However, striptags only removes HTML tags (angle brackets) -- it does not inspect or filter URL schemes...

6.9 CVSS | 5.8 AI score | 0.00185 EPSS
Exploits 0 | References 3
CNNVD
added 2026/03/09 12:0 a.m. | 3 views

Eventobot Cross-Site Scripting Vulnerability

Eventobot is a ticketing management system developed by Eventobot Inc. Eventobot has a cross-site scripting vulnerability, which stems from insufficient cleaning and escaping of the name parameter. This vulnerability may lead to reflective cross-site scripting attacks...

6.1 CVSS | 5.6 AI score | 0.00205 EPSS
Exploits 0 | References 1
CNNVD
added 2026/03/05 12:0 a.m. | 4 views

WordPress plugin Starto Cross-Site Scripting Vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

7.1 CVSS | 5.7 AI score | 0.00191 EPSS
Exploits 0 | References 2
CNNVD
added 2026/03/05 12:0 a.m. | 5 views

WordPress plugin Awa Plugins Cross-Site Scripting Vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application plugin. WordPress...

7.1 CVSS | 5.7 AI score | 0.0018 EPSS
Exploits 0 | References 1
CNNVD
added 2026/03/04 12:0 a.m. | 3 views

International Datacasting SFX Series SuperFlex Satellite Receiver Web management interface Security Vulnerability

The International Datacasting SFX Series SuperFlex Satellite Receiver Web management interface is a web-based management backend for the satellite receiver devices produced by the International Datacasting company. Version 101 of the International Datacasting SFX Series SuperFlex Satellite Receiv...

6.1 CVSS | 5.6 AI score | 0.0021 EPSS
Exploits 1 | References 1
CNNVD
added 2026/03/04 12:0 a.m. | 4 views

Cisco Secure Firewall Adaptive Security Appliance and Cisco Secure Firewall Threat Defense Cross-Site Scripting Vulnerability

Cisco Secure Firewall Adaptive Security Appliance and Cisco Secure Firewall Threat Defense are products of Cisco, a US company. Cisco Secure Firewall Adaptive Security Appliance is an enterprise-level firewall software. Cisco Secure Firewall Threat Defense is an integrated firewall platform. Both...

6.1 CVSS | 5.7 AI score | 0.00264 EPSS
Exploits 0 | References 2
CNNVD
added 2026/03/02 12:0 a.m. | 2 views

Chamilo Cross-Site Scripting Vulnerability

Chamilo is an open-source learning management system developed by Chamilo. Versions of Chamilo prior to 1.11.30 had a cross-site scripting vulnerability. This vulnerability stemmed from improper cleaning of the keywordactive parameter in the admin/userlist.php file, which could lead to reflective...

6.1 CVSS | 5.6 AI score | 0.00187 EPSS
Exploits 0 | References 3
CNNVD
added 2026/02/27 12:0 a.m. | 6 views

Omega-PSIR Cross-Site Scripting Vulnerability

Omega-PSIR is a comprehensive scientific information management system operated by Politechnika Warszawska. Omega-PSIR has a cross-site scripting vulnerability, which stems from the reflective cross-site scripting present in the lang parameter. This vulnerability could allow attackers to execute...

6.1 CVSS | 5.9 AI score | 0.00158 EPSS
Exploits 2 | References 2
CNNVD
added 2026/02/27 12:0 a.m. | 4 views

SODOLA SL902-SWTGW124AS Cross-Site Scripting Vulnerability

SODOLA SL902-SWTGW124AS is an industrial switch manufactured by the Spanish company SODOLA. Versions of SODOLA SL902-SWTGW124AS prior to 200.1.20 contained a cross-site scripting vulnerability. This vulnerability stemmed from a reflective cross-site scripting vulnerability in the management...

6.1 CVSS | 5.9 AI score | 0.00155 EPSS
Exploits 0 | References 3
CNNVD
added 2026/02/26 12:0 a.m. | 3 views

Copyparty Cross-Site Scripting Vulnerability

Copyparty is a portable file server developed by Ed’s individual developer. Versions of Copyparty prior to 1.20.9 contained a cross-site scripting vulnerability, which was caused by the URL parameter setck, which allowed for reflective cross-site scripting...

6.1 CVSS | 5.3 AI score | 0.00163 EPSS
Exploits 0 | References 2
CNNVD
added 2026/02/20 12:0 a.m. | 4 views

LibreNMS Cross-Site Scripting Vulnerability

LibreNMS is an open-source network monitoring system developed by the LibreNMS community, based on PHP and MySQL. This system features custom alerts, automatic discovery of networks, and automatic updates. Versions of LibreNMS prior to 25.12.0 contained a cross-site scripting vulnerability. This...

6.1 CVSS | 5.7 AI score | 0.00291 EPSS
Exploits 1 | References 4
CNNVD
added 2026/02/20 12:0 a.m. | 5 views

WordPress plugin bbpress Simple Advert Units Cross-Site Scripting Vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application plugin. The WordPre...

7.1 CVSS | 5.7 AI score | 0.00263 EPSS
Exploits 0 | References 1
CNNVD
added 2026/02/20 12:0 a.m. | 4 views

WordPress plugin DesignThemes Core Features Security Vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application plugin. WordPress...

7.1 CVSS | 5.7 AI score | 0.00186 EPSS
Exploits 0 | References 1
CNNVD
added 2026/02/20 12:0 a.m. | 5 views

OrientDB Cross-Site Scripting Vulnerability

OrientDB is an open-source multi-model database developed by OrientDB. Version 3.0.17 of OrientDB has a cross-site scripting vulnerability. This vulnerability stems from improper handling of JSON payloads submitted to the document endpoint, which may lead to reflective cross-site scripting attack...

6.1 CVSS | 5.6 AI score | 0.00225 EPSS
Exploits 1 | References 3
CNNVD
added 2026/02/20 12:0 a.m. | 5 views

phpMoAdmin Cross-Site Scripting Vulnerability

phpMoAdmin is a MongoDB database management tool developed by Valentin Hilbig. Version 1.1.5 of phpMoAdmin contains a cross-site scripting vulnerability, which stems from improper cleaning of the newdb parameter. This vulnerability may lead to reflective cross-site scripting attacks...

6.1 CVSS | 5.6 AI score | 0.00284 EPSS
Exploits 1 | References 3
CNNVD
added 2026/02/19 12:0 a.m. | 6 views

WordPress plugin Aruba HiSpeed Cache Cross-Site Scripting Vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

6.1 CVSS | 5.7 AI score | 0.00283 EPSS
Exploits 0 | References 3
CNNVD
added 2026/02/19 12:0 a.m. | 5 views

Comodo Dome Firewall Cross-Site Scripting Vulnerability

Comodo Dome Firewall is a unified threat management and next-generation firewall provided by the Chinese company Comodo. Version 2.7.0 of Comodo Dome Firewall contains a cross-site scripting vulnerability. This vulnerability stems from insufficient input validation of the username parameter at th...

6.1 CVSS | 5.6 AI score | 0.00384 EPSS
Exploits 1 | References 4
CNNVD
added 2026/02/19 12:0 a.m. | 5 views

Comodo Dome Firewall Cross-Site Scripting Vulnerability

Comodo Dome Firewall is a unified threat management and next-generation firewall provided by the Chinese company Comodo. Version 2.7.0 of Comodo Dome Firewall contains a cross-site scripting vulnerability. This vulnerability stems from improper cleaning of the device parameter input in QoS device...

6.1 CVSS | 5.6 AI score | 0.00344 EPSS
Exploits 1 | References 4