CVE-2026-27937
October is a Content Management System (CMS) and web platform. Prior to 3.7.16 and 4.1.16, a reflected Cross-Site Scripting (XSS) vulnerability was identified in the backend DataTable widget where a query parameter was rendered without proper output escaping. This vulnerability is fixed in 3.7.16 and...
GI-DocGen vulnerable to Reflected XSS via unescaped query strings
A flaw was found in GI-DocGen. This vulnerability allows arbitrary JavaScript execution in the context of the page — enabling DOM access, session cookie theft and other client-side attacks — via a crafted URL that supplies a malicious value to the q GET parameter (reflected DOM XSS)...
EUVD-2022-4996
Malicious code in bioql PyPI...
PT-2024-39211 · WordPress · Roles & Capabilities
Name of the Vulnerable Software and Affected Versions: Roles & Capabilities plugin for WordPress versions up to, and including, 1.1.9. Description: The issue is related to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL. This allows...
CVE-2017-3161
The HDFS web UI in Apache Hadoop before 2.7.0 is vulnerable to a cross-site scripting (XSS) attack through an unescaped query parameter...