CVE-2026-24754

Kiteworks is a private data network PDN. Prior to version 9.3.0, a stored XSS vulnerability in Kiteworks Secure Data Forms could allow an authenticated attacker to execute arbitrary JavaScript code in other users' sessions. Upgrade Kiteworks to version 9.3.0 or later to receive a patch...

CVE-2026-24754

CVE-2026-24754 affects Kiteworks, where a stored XSS vulnerability exists in Secure Data Forms prior to version 9.3.0. An authenticated attacker could execute arbitrary JavaScript in other users’ sessions. The issue is mitigated by upgrading to Kiteworks version 9.3.0 or later, which provides a p...

CVE-2026-24754 Kiteworks Secure Data Forms Vulnerable to Cross-site Scripting

Kiteworks is a private data network PDN. Prior to version 9.3.0, a stored XSS vulnerability in Kiteworks Secure Data Forms could allow an authenticated attacker to execute arbitrary JavaScript code in other users' sessions. Upgrade Kiteworks to version 9.3.0 or later to receive a patch...

EUVD-2026-33837

Kiteworks is a private data network PDN. Prior to version 9.3.0, a stored XSS vulnerability in Kiteworks Secure Data Forms could allow an authenticated attacker to execute arbitrary JavaScript code in other users' sessions. Upgrade Kiteworks to version 9.3.0 or later to receive a patch...

CVE-2026-24752 Kiteworks Secure Data Forms Vulnerable to Cross-site Scripting

Kiteworks is a private data network PDN. Prior to version 9.3.0, a reflected XSS vulnerability in Kiteworks Secure Data Forms could allow an external attacker to trick a user into executing arbitrary JavaScript code. Upgrade Kiteworks to version 9.3.0 or later to receive a patch...

CVE-2026-24752

CVE-2026-24752 affects Kiteworks Secure Data Forms prior to version 9.3.0. A reflected XSS could cause a user to execute arbitrary JavaScript, with patch provided in 9.3.0+. CVSSv3.1 base score 8.2 (HIGH): attack vector NETWORK, privileges required NONE, user interaction REQUIRED, scope CHANGED, ...

CVE-2026-24752

Kiteworks is a private data network PDN. Prior to version 9.3.0, a reflected XSS vulnerability in Kiteworks Secure Data Forms could allow an external attacker to trick a user into executing arbitrary JavaScript code. Upgrade Kiteworks to version 9.3.0 or later to receive a patch...

CVE-2026-24751

Kiteworks is a private data network PDN. Prior to version 9.3.0, a reflected XSS vulnerability in Kiteworks Secure Data Forms could allow an external attacker to trick a user into executing arbitrary JavaScript code. Upgrade Kiteworks to version 9.3.0 or later to receive a patch...

CVE-2026-10289

A security flaw has been discovered in code-projects Hotel and Tourism Reservation System 1.0. Impacted is an unknown function of the file /ht/tour.php. Performing a manipulation of the argument name /email /people /number results in cross site scripting. The attack can be initiated remotely. The...

CVE-2026-10289

The CVE concerns code-projects Hotel and Tourism Reservation System 1.0. Affected is an unknown function in the file /ht/tour.php where manipulating the arguments /email, /people, or /number leads to cross-site scripting. The attack is remote, and the exploit has been released publicly. No remedi...

CVE-2026-10289 code-projects Hotel and Tourism Reservation System tour.php cross site scripting

A security flaw has been discovered in code-projects Hotel and Tourism Reservation System 1.0. Impacted is an unknown function of the file /ht/tour.php. Performing a manipulation of the argument name /email /people /number results in cross site scripting. The attack can be initiated remotely. The...

CVE-2026-10289

A security flaw has been discovered in code-projects Hotel and Tourism Reservation System 1.0. Impacted is an unknown function of the file /ht/tour.php. Performing a manipulation of the argument name /email /people /number results in cross site scripting. The attack can be initiated remotely. The...

CVE-2026-10289 code-projects Hotel and Tourism Reservation System tour.php cross site scripting

A security flaw has been discovered in code-projects Hotel and Tourism Reservation System 1.0. Impacted is an unknown function of the file /ht/tour.php. Performing a manipulation of the argument name /email /people /number results in cross site scripting. The attack can be initiated remotely. The...

EUVD-2026-33763

A security flaw has been discovered in code-projects Hotel and Tourism Reservation System 1.0. Impacted is an unknown function of the file /ht/tour.php. Performing a manipulation of the argument name /email /people /number results in cross site scripting. The attack can be initiated remotely. The...

WordPress Easy Cart plugin <= 1.8 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by zakaria in WordPress Plugin Easy Cart versions = 1.8...

WordPress ZeM STL plugin <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Gilang - DJ in WordPress Plugin ZeM STL versions = 1.0...

WordPress Word Replacer plugin <= 0.4 - Authenticated (Administrator+) Stored Cross-Site Scripting vulnerability

Authenticated Administrator+ Stored Cross-Site Scripting vulnerability discovered by san6051 - COFFSec in WordPress Plugin Word Replacer versions = 0.4...

WordPress WP Nano AD plugin <= 1.31 - Authenticated (Administrator+) Stored Cross-Site Scripting vulnerability

Authenticated Administrator+ Stored Cross-Site Scripting vulnerability discovered by siyuan shao in WordPress Plugin WP Nano AD versions = 1.31...

WordPress DeMomentSomTres Shortcodes plugin <= 1.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by zakaria in WordPress Plugin DeMomentSomTres Shortcodes versions = 1.1.1...

CVE-2026-24751 Kiteworks Secure Data Forms Vulnerable to Cross-site Scripting

Kiteworks is a private data network PDN. Prior to version 9.3.0, a reflected XSS vulnerability in Kiteworks Secure Data Forms could allow an external attacker to trick a user into executing arbitrary JavaScript code. Upgrade Kiteworks to version 9.3.0 or later to receive a patch...