CVE-2019-25445

Fiverr Clone Script 1.2.2 contains a cross-site scripting (XSS) vulnerability in the keyword parameter of search-results.php. Unauthenticated attackers can craft URLs with script tags in the keyword parameter to execute arbitrary JavaScript in users’ browsers. CVSS data provided: CVSS v4.0 base s...

CVE-2026-27505

SVXportal version 2.5 and prior contain a stored cross-site scripting vulnerability in the user registration workflow index.php submitting to admin/useraction.php. User-supplied fields such as Firstname, lastname, and email are stored in the backend database without adequate output encoding and a...

CVE-2026-27505 SVXportal <= 2.5 admin/user_action.php Stored XSS

SVXportal version 2.5 and prior contain a stored cross-site scripting vulnerability in the user registration workflow index.php submitting to admin/useraction.php. User-supplied fields such as Firstname, lastname, and email are stored in the backend database without adequate output encoding and a...

CVE-2026-27505

SVXportal version 2.5 and prior contain a stored cross-site scripting vulnerability in the user registration workflow index.php submitting to admin/useraction.php. User-supplied fields such as Firstname, lastname, and email are stored in the backend database without adequate output encoding and a...

CVE-2026-27503

SVXportal 2.5 and earlier versions are affected by a reflected XSS in admin/log.php triggered via the search query parameter. When an authenticated administrator loads a crafted URL, the unsanitized parameter value is embedded into an HTML input value attribute, enabling attacker-supplied JavaScr...

CVE-2026-27503 SVXportal <= 2.5 admin/log.php Search Reflected XSS

SVXportal version 2.5 and prior contain a reflected cross-site scripting vulnerability in admin/log.php via the search query parameter. When an authenticated administrator views a crafted URL, the application embeds the unsanitized parameter value directly into an HTML input value attribute,...

CVE-2026-27502

SVXportal version 2.5 and prior contain a reflected cross-site scripting vulnerability in log.php via the search query parameter. The application embeds the unsanitized parameter value directly into an HTML input value attribute, allowing an unauthenticated remote attacker to inject and execute...

CVE-2026-27502 SVXportal <= 2.5 log.php Search Reflected XSS

SVXportal version 2.5 and prior contain a reflected cross-site scripting vulnerability in log.php via the search query parameter. The application embeds the unsanitized parameter value directly into an HTML input value attribute, allowing an unauthenticated remote attacker to inject and execute...

CVE-2025-68846

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Paris Holley Asynchronous Javascript asynchronous-javascript allows Reflected XSS.This issue affects Asynchronous Javascript: from n/a through = 1.3.5...

CVE-2026-24959 WordPress JS Help Desk plugin <= 3.0.1 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in JoomSky JS Help Desk js-support-ticket allows Blind SQL Injection.This issue affects JS Help Desk: from n/a through = 3.0.1...

CVE-2026-24959 WordPress JS Help Desk plugin <= 3.0.1 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in JoomSky JS Help Desk js-support-ticket allows Blind SQL Injection.This issue affects JS Help Desk: from n/a through = 3.0.1...

CVE-2025-68846

CVE-2025-68846 is a Reflected XSS affecting WordPress plugin Asynchronous Javascript (versions 1.3.5 (or later as released). Technical details are supported by connected Red Hat, NVD, CVE, and PatchStack entries indicating an XSS vulnerability in this plugin and the stated affected range; no exp...

CVE-2025-68846 WordPress Asynchronous Javascript plugin <= 1.3.5 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Paris Holley Asynchronous Javascript asynchronous-javascript allows Reflected XSS.This issue affects Asynchronous Javascript: from n/a through = 1.3.5...

CVE-2025-68846 WordPress Asynchronous Javascript plugin <= 1.3.5 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Paris Holley Asynchronous Javascript asynchronous-javascript allows Reflected XSS.This issue affects Asynchronous Javascript: from n/a through = 1.3.5...

CVE-2026-25596

InvoicePlane is a self-hosted open source application for managing invoices, clients, and payments. A Stored Cross-Site Scripting XSS vulnerability exists in InvoicePlane 1.7.0 via the Product Unit Name fields. An authenticated administrator can inject malicious JavaScript that executes when any...

CVE-2026-27176

MajorDoMo aka Major Domestic Module contains a reflected cross-site scripting XSS vulnerability in command.php. The $qry parameter is rendered directly into the HTML page without sanitization via htmlspecialchars, both in an input field value attribute and in a paragraph element. An attacker can...

SUSE CVE-2026-25500

Rack is a modular Ruby web server interface. Prior to versions 2.2.22, 3.1.20, and 3.2.5, Rack::Directory generates an HTML directory index where each file entry is rendered as a clickable link. If a file exists on disk whose basename starts with the javascript: scheme e.g. javascript:alert1, the...

PT-2026-21290

Name of the Vulnerable Software and Affected Versions Google Cloud Vertex AI SDK google-cloud-aiplatform versions 1.98.0 through 1.130.9 Description A Stored Cross-Site Scripting XSS issue exists in the genai/ evals visualization component of Google Cloud Vertex AI SDK. This allows an...

PT-2026-21324

GetSimple CMS is a content management system. All versions of GetSimple CMS are vulnerable to XSS through SVG file uploads. Authenticated users can upload SVG files via the administrative upload functionality, but they are not properly sanitized or restricted, allowing an attacker to embed...

PT-2026-21108

Name of the Vulnerable Software and Affected Versions Asynchronous Javascript versions n/a through 1.3.5 Description The software contains a flaw due to improper neutralization of input during web page generation, leading to a Reflected Cross-site Scripting condition. This allows for the executio...