WordPress plugin WP Statistics has a cross-site scripting vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
PT-2026-45463
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in myCred allows Stored XSS. This issue affects myCred: from n/a through 3.0.4...
PT-2026-45437
Lightweight Music Server (LMS) through 3.76.0 contains a stored cross-site scripting vulnerability that allows attackers to execute arbitrary JavaScript by embedding malicious HTML in media file metadata tags such as GENRE, ARTIST, or ALBUM. Attackers can introduce a crafted media file into the...
PT-2026-45397
Missing authentication and clear‑text transmission of data from the heat pumps to the control server, combined with the absence of input validation on aggregated data, can lead to stored XSS that enables theft of cookies from the pump’s web control interface. Older Orca heat pump devices...
ALSA-2026:22305 Important: php:8.2 security update
PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Security Fixes: PHP: PHP: Denial of Service via improper handling of signed characters in ctype functions CVE-2026-7258 PHP: PHP-FPM: PHP-FPM: Cross-Site Scripting vulnerability via improper URL sanitation...
RockyLinux 9 : php:8.3 (RLSA-2026:22142)
The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:22142 advisory. PHP: PHP: Denial of Service via improper handling of signed characters in ctype functions CVE-2026-7258 PHP: PHP-FPM: PHP-FPM: Cross-Site Scripting...
Important: php:8.2 security update
PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Security Fixes: PHP: PHP: Denial of Service via improper handling of signed characters in ctype functions CVE-2026-7258 PHP: PHP-FPM: PHP-FPM: Cross-Site Scripting vulnerability via improper URL sanitation...
Lightweight Music Server 3.76.0 Cross Site Scripting
Lightweight Music Server version 3.76.0 suffers from a persistent cross site scripting vulnerability. LMS stores media file metadata tags such as GENRE, ARTIST, and ALBUM exactly as written in the file and later renders them in its web interface without HTML-encoding. An attacker who gets a file...
PT-2026-45388
A Stored Cross-site Scripting (XSS) vulnerability affecting Process Experience Studio in DELMIA Service Process Engineer from Release 3DEXPERIENCE R2024x through Release 3DEXPERIENCE R2026x could allow an attacker to execute arbitrary script code in a user's browser session...
OTRS security vulnerabilities
OTRS is a service management solution developed by the German company OTRS. Version 7.0.x of OTRS contains security vulnerabilities. These vulnerabilities stem from user-controlled inputs during ticket processing, which could allow authenticated attackers to execute reflective cross-site scriptin...
SourceCodester Pharmacy Sales and Inventory System Code Injection Vulnerability
SourceCodester Pharmacy Sales and Inventory System is an open-source medication sales and inventory management system developed by SourceCodester. Version 1.0 of the SourceCodester Pharmacy Sales and Inventory System contains a code injection vulnerability. This vulnerability arises from improper...
PT-2026-45554
A security flaw has been discovered in code-projects Hotel and Tourism Reservation System 1.0. Impacted is an unknown function of the file /ht/tour.php. Performing a manipulation of the argument name/email/people/number results in cross site scripting. The attack can be initiated remotely. The...
PT-2026-45664
A vulnerability was detected in itsourcecode Fees Management System 1.0. The affected element is an unknown function of the file index.php. Performing a manipulation of the argument page results in cross site scripting. The attack may be initiated remotely. The exploit is now public and may be us...
PT-2026-45369
Name of the Vulnerable Software and Affected Versions: Apache ActiveMQ versions prior to 5.19.7; Apache ActiveMQ versions 6.0.0 through 6.2.5; Apache ActiveMQ Web versions prior to 5.19.7; Apache ActiveMQ Web versions 6.0.0 through 6.2.5. Description: An improper neutralization of input during web page...
Lightweight Music Server Cross-Site Script Vulnerability
Lightweight Music Server is a self-hosted music streaming service developed by Emeric POUPON. Versions of Lightweight Music Server 3.76.0 and earlier contained a cross-site scripting vulnerability. This vulnerability stemmed from stored XSS attacks, allowing attackers to execute arbitrary...
PT-2026-45439
Name of the Vulnerable Software and Affected Versions: LearnPress versions prior to 4.3.6. Description: Improper neutralization of input during web page generation allows for Reflected Cross-Site Scripting (XSS), a flaw where an application includes untrusted data in a web page without proper...
PT-2026-45272
A vulnerability was found in raisulislamg4 student management system by php up to 310d950e09013d5133c6b9210aff9444382d16d1. The impacted element is an unknown function of the file admission form check.php. The manipulation of the argument Message results in cross site scripting. The attack can be...
PT-2026-45392
A vulnerability has been found in SourceCodester Pharmacy Sales and Inventory System 1.0. This affects the function create medicine presentation of the file /ShowForm/create medicine presentation/main. The manipulation of the argument medicine presentation leads to cross site scripting. The attac...
Kiteworks cross-site scripting vulnerabilities
Kiteworks is a security private network data software developed by Kiteworks Corporation in the United States. Versions of Kiteworks prior to 9.3.0 contained a cross-site scripting vulnerability. This vulnerability stemmed from reflective cross-site scripting, which could allow external attackers...
sendportal code injection vulnerability
SendPortal is a self-hosted email marketing management tool developed by Mattel. Versions of SendPortal 3.0.1 and earlier had a code injection vulnerability. This vulnerability stemmed from incorrect handling of the content parameter by the Campaign Handler component in the /webview/ file, which...