CVE-2026-5668 Cyber-III Student-Management-System add%20notice.php cross site scripting

A flaw has been found in Cyber-III Student-Management-System up to 1a938fa61e9f735078e9b291d2e6215b4942af3f. This affects an unknown part of the file /admin/Add%20notice/add%20notice.php. This manipulation of the argument $SERVER'PHPSELF' causes cross site scripting. It is possible to initiate th...

CVE-2025-14131

The WP Widget Changer plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the $SERVER'PHPSELF' variable in all versions up to, and including, 1.2.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

WordPress WPLG Default Mail From plugin <= 1.0.0 - Reflected Cross-Site Scripting via $_SERVER['PHP_SELF'] vulnerability

Reflected Cross-Site Scripting via $SERVER'PHPSELF' vulnerability discovered by Abdulsamad Yusuf 0xVenus - Envorasec in WordPress Plugin WPLG Default Mail From versions = 1.0.0...

CVE-2021-34658

The Simple Popup Newsletter WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to the use of $SERVER'PHPSELF' in the /simple-popup-newsletter.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.4.7...

CVE-2021-34644

The Multiplayer Games WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to the use of $SERVER'PHPSELF' in the /multiplayergames.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 3.7...