CVE-2025-15654 WordPress Prague plugin <= 2.2.8 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Fox-themes Prague allows Reflected XSS. This issue affects Prague: from n/a through 2.2.8...

EUVD-2025-210045

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Fox-themes Prague allows Reflected XSS. This issue affects Prague: from n/a through 2.2.8...

CVE-2025-15654

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Fox-themes Prague allows Reflected XSS. This issue affects Prague: from n/a through 2.2.8...

CVE-2025-15654

CVE-2025-15654 describes a Reflected XSS in the Fox-themes Prague WordPress plugin (≤ 2.2.8). The root cause is improper neutralization of input during web page generation. Affected software is the Prague plugin, with vulnerable versions listed as up to 2.2.8; the issue is classified with CVSS 3....

WordPress Funnel Builder by FunnelKit plugin <= 3.15.0.2 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Tiago Ventura @perses in WordPress Plugin Funnel Builder by FunnelKit versions = 3.15.0.2...

rConfig 3.9.4 - Cross-Site Scripting

rConfig 3.9.4 is vulnerable to reflected XSS. The configDevice.php file improperly validates user input. An attacker can exploit this vulnerability by crafting arbitrary JavaScript in the rid GET parameter of devicemgmnt.php id: CVE-2020-12259 info: name: rConfig 3.9.4 - Cross-Site Scripting...

Chamilo LMS <= 1.11.24 - Remote Code Execution

Unrestricted file upload in big file upload functionality in /main/inc/lib/javascript/bigupload/inc/bigUpload.php in Chamilo LMS = v1.11.24 allows unauthenticated attackers to perform stored cross-site scripting attacks and obtain remote code execution via uploading of web shell. id: CVE-2023-422...

SUSE CVE-2026-33244

React Router is a router for React. In versions 7.5.1 through 7.13.1, when using Framework Mode with pre-rendering enabled, improper neutralization of the HTTP Location header value can permit Cross-Site Scripting XSS in the statically generated HTML files if the redirect location comes from an...

EUVD-2026-34054

The Passeum Ticketing plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.0. This is due to the getshopurl method returning the shopname setting value without sanitization when it begins with "http", combined with insufficient validation in th...

CVE-2026-7421

The Passeum Ticketing plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.0. This is due to the getshopurl method returning the shopname setting value without sanitization when it begins with "http", combined with insufficient validation in th...

EUVD-2026-34169

Cross Site Scripting vulnerability in Koha 25.11 and before allows a remote attacker to execute arbitrary code via file upload function in Invoice features...

PT-2026-46102

Impact It’s a “moderate” vulnerability… but being an admin panel, we take this seriously. It’s difficult… but an attacker could conduct a targeted phishing campaign, in order to trick your users or admins to click a malicious link, which under very specific circumstances could give them...

CVE-2026-39107

A Cross Site Scripting vulnerability exists in the Kimi AI v1.0 web interface's 'Preview' feature. The application fails to properly sanitize or encode HTML/JavaScript payloads generated by the AI model. When a user switches to the 'Preview' tab to view AI-generated code, the malicious payload is...

PT-2026-45954

RockRMS v16.13 and before v.17.7.0 is vulnerable to Cross Site Scripting XSS via Social Media links in user profile...

CVE-2026-36748

RockRMS vulnerability CVE-2026-36748 affects v16.13 and earlier of RockRMS up to v17.7.0, allowing Cross Site Scripting (XSS) via social media links in a user profile. The connected documents confirm the affected product version range and the XSS impact, but do not provide rooted technical detail...

PT-2026-45905

Name of the Vulnerable Software and Affected Versions Fox-themes Prague versions prior to 2.2.9 Description Improper neutralization of input during web page generation allows Reflected Cross-site Scripting XSS, a flaw where an application includes untrusted data in a web page without proper...

PT-2026-45942

ProjectsAndPrograms school-management-system is vulnerable to Stored Cross‑Site Scripting XSS in multiple attributes of students and teachers objects. An authorized attacker e.g., a teacher or administrator can inject malicious JavaScript that is subsequently executed in other users’ browsers...

Linux Distros Unpatched Vulnerability : CVE-2026-5385

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An unauthenticated user with write access to the knowledge base can store an XSS payload in a knowledge base item. This issue affects glpi: before 11.0.7...

Linux Distros Unpatched Vulnerability : CVE-2026-44581

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Next.js is a React framework for building full-stack web applications. From 13.4.0 to before 15.5.16 and 16.2.5, App Router applications that rely on CSP nonces...

CVE-2026-39107

A Cross Site Scripting vulnerability exists in the Kimi AI v1.0 web interface's 'Preview' feature. The application fails to properly sanitize or encode HTML/JavaScript payloads generated by the AI model. When a user switches to the 'Preview' tab to view AI-generated code, the malicious payload is...