CVE-2026-8626

CVE-2026-8626 concerns the SponsorMe WordPress plugin, vulnerable to Reflected Cross-Site Scripting via the PHP_SELF parameter in all versions up to 0.5.2. The issue arises from insufficient input sanitization and output escaping, allowing unauthenticated attackers to inject arbitrary scripts int...

EUVD-2026-31015

The LJ comments import: reloaded plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via PHPSELF Parameter in all versions up to, and including, 0.97.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

CVE-2025-13515

CVE-2025-13515 refers to the Nouri.sh Newsletter WordPress plugin vulnerability. The issue is a Reflected Cross-Site Scripting via the $_SERVER['PHP_SELF'] parameter in all versions up to and including 1.0.1.3, caused by insufficient input sanitization and output escaping. The Wordfence detail co...

CVE-2025-13513

The Clik stats plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the $SERVER'PHPSELF' parameter in all versions up to, and including, 0.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...

CVE-2021-40928

Cross-site scripting XSS vulnerability in index.php in FlexTV beta development version allows remote attackers to inject arbitrary web script or HTML via the PHPSELF parameter...

CVE-2021-39412

Multiple Cross Site Scripting XSS vulnerabilities exists in PHPGurukul Shopping v3.1 via the 1 callback parameter in a serverside/scripts/idjsonp.php, b serverside/scripts/jsonp.php, and c scripts/objectsjsonp.php, the 2 value parameter in examplessupport/editableajax.php, and the 3 PHPSELF...

CVE-2021-40925

Cross-site scripting XSS vulnerability in dompdf/dompdf/www/demo.php infaveo-helpdesk v1.11.0 and below allow remote attackers to inject arbitrary web script or HTML via the $SERVER"PHPSELF" parameter...

Cross site scripting

Cross-site scripting XSS vulnerability in index.php in FlexTV beta development version allows remote attackers to inject arbitrary web script or HTML via the PHPSELF parameter...

CVE-2021-40928

CVE-2021-40928 is an XSS vulnerability in the development version of FlexTV (index.php) exploitable via the PHP_SELF parameter. The issue arises from unsanitized input in index.php, enabling remote attackers to inject arbitrary web script or HTML. Impact details in the documents indicate a relati...

CVE-2021-40928

Cross-site scripting XSS vulnerability in index.php in FlexTV beta development version allows remote attackers to inject arbitrary web script or HTML via the PHPSELF parameter...

OSSIM 2.2.1 '$_SERVER['PHP_SELF']' Parameter Cross Site Scripting Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/39145/info OSSIM is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute arbitrary script code in the browser of an...