31 matches found
CVE-2020-23014
APfell 1.4 is vulnerable to authenticated reflected cross-site scripting (XSS) in /apiui/command through the payloadtypescallback function, which allows an attacker to steal a remote admin/user session and/or add new users to the administration panel...
EUVD-2021-11110
Malware in sbrugna...
EUVD-2022-40712
Malicious code in bioql PyPI...
EUVD-2023-36847
Malicious code in bioql PyPI...
CVE-2023-32537
Affected versions of Trend Micro Apex Central (on-premise) are vulnerable to potential authenticated reflected cross-site scripting (XSS) attacks due to user input validation and sanitization issues. Please note: an attacker must first obtain authentication to Apex Central on the target system in order ...
CVE-2022-29975
An Authenticated Reflected Cross-site scripting at CC Parameter was discovered in MDaemon before 22.0.0...
CVE-2025-46350 Yeswiki Vulnerable to Authenticated Reflected Cross-site Scripting
YesWiki is a wiki system written in PHP. Prior to version 4.5.4, an attacker can use a reflected cross-site scripting attack to steal cookies from an authenticated user by having them click on a malicious link. Stolen cookies allow the attacker to take over the user’s session. This vulnerability...
CVE-2024-55226
Vaultwarden v1.32.5 was discovered to contain an authenticated reflected cross-site scripting (XSS) vulnerability via the component /api/core/mod.rs...
CVE-2023-51068
An authenticated reflected cross-site scripting (XSS) vulnerability in QStar Archive Solutions Release RELEASE3-0 Build 7 allows attackers to execute arbitrary JavaScript on a victim's browser via a crafted link...
Simple Food Ordering System v1.0 - Cross-Site Scripting (XSS)
Exploit Title: Simple Food Ordering System v1.0 - Cross-Site Scripting (XSS) Exploit Author: Muhammad Navaid Zafar Ansari Date: 17 February 2023 CVE Assigned: CVE-2023-0902 mitre.org nvd.nist.org Vendor Homepage: https://www.sourcecodester.com Software Link: Simple Food Ordering System Version: v 1...
Simple Food Ordering System 1.0 Cross Site Scripting
Simple Food Ordering System - Authenticated Reflected Cross Site Scripting Date: 17 February 2023 CVE Assigned: CVE-2023-0902 mitre.org nvd.nist.org Author Email: [email protected] Vendor Homepage: https://www.sourcecodester.com Software Link: Simple Food Ordering System Version: v 1.0...
PT-2022-23350 · Totalsoft · Totalsoft Event Calendar – Calendar Plugin
Name of the Vulnerable Software and Affected Versions: Totalsoft Event Calendar – Calendar plugin versions 1.4.6 and earlier Description: The issue is related to an Authenticated Reflected Cross-Site Scripting (XSS) vulnerability. This means that an attacker could potentially inject malicious scrip...
CVE-2022-29976
An Authenticated Reflected Cross-site scripting at BCC Parameter was discovered in MDaemon before 22.0.0...
CVE-2022-29975
CVE-2022-29975 is an authenticated reflected Cross-Site Scripting vulnerability in MDaemon prior to 22.0.0. The issue arises from insufficient data validation/filtering of user-supplied and output data via the CC parameter, allowing an attacker with valid credentials to inject script that could e...
CVE-2021-36875 WordPress uListing plugin <= 2.0.5 - Auth. Reflected Cross-Site Scripting (XSS) vulnerability
Cross-site Scripting (XSS) vulnerability in Stylemix Directory Listings WordPress plugin – uListing allows Reflected XSS. This issue affects Directory Listings WordPress plugin – uListing: from n/a through 2.0.5...
WordPress uListing plugin <= 2.0.5 - Authenticated Reflected Cross-Site Scripting (XSS) vulnerability
Authenticated Reflected Cross-Site Scripting (XSS) vulnerability discovered by m0ze Patchstack Red Team in WordPress uListing plugin versions <= 2.0.5. Vulnerable parameters: &filterid, &filteruser, &filterexpireddate, &filtercreateddate, &filterupdateddate. Solution Update the WordPress uListing...
Video Posts Webcam Recorder < 3.2.4 - Authenticated Reflected XSS
The plugin has an authenticated reflected cross-site scripting (XSS) vulnerability in one of the administrative functions for handling deletion of videos. .../wp-content/plugins/video-posts-webcam-recorder/posts/videowhisper/recordedvideos.php?delete=%3Cscript%3Ealert1%3C/script%3E...
CVE-2021-24306 Ultimate Member < 2.1.20 - Authenticated Reflected Cross-Site Scripting (XSS)
The Ultimate Member – User Profile, User Registration, Login & Membership Plugin WordPress plugin before 2.1.20 did not properly sanitise, validate or encode the query string when generating a link to edit user's own profile, leading to an authenticated reflected Cross-Site Scripting issue...
CVE-2021-24196
The CVE-2021-24196 entry concerns the Social Slider Widget WordPress plugin (
CVE-2021-24196 Social Slider Widget < 1.8.5 - Authenticated Reflected Cross-Site Scripting (XSS)
The Social Slider Widget WordPress plugin before 1.8.5 allowed Authenticated Reflected XSS in the plugin settings page as the ‘tokenerror’ parameter can be controlled by users and it is directly echoed without being sanitized...