6 matches found
GHSA-C3H8-G69V-PJRG i18next-http-middleware: HTTP response splitting and DoS via unsanitised Content-Language header
Summary: Versions of i18next-http-middleware prior to 3.9.3 wrote user-controlled language values into the Content-Language response header after passing them through utils.escape, which is an HTML-entity encoder that does not strip carriage return, line feed, or other control characters. When the...
PT-2026-29627
Name of the Vulnerable Software and Affected Versions: CI4MS versions prior to 0.31.0.0. Description: CI4MS fails to properly sanitize user-controlled input within System Settings – Company Information. Several administrative configuration fields, including Company Name, Slogan, Company Phone, Compa...
CVE-2025-14313
The Advance WP Query Search Filter WordPress plugin through 1.0.10 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
CVE-2025-13071
The Custom Admin Menu WordPress plugin through 1.0.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
CVE-2023-2256
The Product Addons & Fields for WooCommerce WordPress plugin before 32.0.7 does not sanitize and escape some URL parameters, leading to Reflected Cross-Site Scripting...
PHPCart 3.1.2 'search.php' Cross-Site Scripting Vulnerability
No description provided by source. Source: http://www.securityfocus.com/bid/37567/info. PHPCart is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the brows...