Lucene search
K

32410 matches found

NVD
NVD
added 3 hours ago4 views

CVE-2026-54303

n8n is an open source workflow automation platform. Prior to 2.24.0, an endpoint in the Meta and Microsoft Teams trigger nodes reflects a query parameter into the HTTP response without sanitization or Content-Security-Policy headers, enabling reflected XSS in the n8n origin when a logged-in user...

6.8CVSS0.00038EPSS
Exploits0References1
CVE
CVE
added 4 hours ago7 views

CVE-2026-54303

Summary of CVE-2026-54303 (n8n): An endpoint in the Meta and Microsoft Teams trigger nodes reflects a query parameter into the HTTP response without sanitization or CSP headers, enabling reflected XSS in the n8n origin when a logged-in user visits a crafted URL. Affected component: n8n trigger no...

6.8CVSS5.9AI score0.00038EPSS
Exploits0References1
NVD
NVD
added 5 hours ago6 views

CVE-2026-11772

DRIMO CMS is vulnerable to Reflected XSS via q parameter in searching functionality. An attacker can prepare an URL that, when opened, results in arbitrary JavaScript execution in the victim's browser. Product is in End Of Life phase and will not receive any updates. However, deleting info.php fi...

5.1CVSS
Exploits0References2
Cvelist
Cvelist
added 6 hours ago8 views

CVE-2026-11772 Reflected XSS in DRIMO CMS

DRIMO CMS is vulnerable to Reflected XSS via q parameter in searching functionality. An attacker can prepare an URL that, when opened, results in arbitrary JavaScript execution in the victim's browser. Product is in End Of Life phase and will not receive any updates. However, deleting info.php fi...

5.1CVSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 6 hours ago5 views

CVE-2026-11772

DRIMO CMS is vulnerable to Reflected XSS via q parameter in searching functionality. An attacker can prepare an URL that, when opened, results in arbitrary JavaScript execution in the victim's browser. Product is in End Of Life phase and will not receive any updates. However, deleting info.php fi...

5.1CVSS6.1AI score
Exploits0References3
NVD
NVD
added 6 hours ago8 views

CVE-2026-10857

Improper neutralization of input during web page generation 'cross-site scripting' vulnerability in AKIN Software Computer Import Export Industry and Trade Ltd. E-Commerce allows Reflected XSS. This issue affects e-Commerce: before 1.25.01.06...

6.1CVSS
Exploits0References1
CVE
CVE
added 7 hours ago10 views

CVE-2026-10857

CVE-2026-10857 – Reflected XSS in AKINSoft e-Commerce Affected product: AKIN Software Computer Import Export Industry and Trade Ltd. E-Commerce.Vulnerability: Reflected Cross-Site Scripting due to improper neutralization of input during web page generation.Root cause: insufficient sanitization of...

6.1CVSS5.8AI score
Exploits0References1
Cvelist
Cvelist
added 7 hours ago7 views

CVE-2026-10857 Reflected XSS in Akinsoft's e-Commerce

Improper neutralization of input during web page generation 'cross-site scripting' vulnerability in AKIN Software Computer Import Export Industry and Trade Ltd. E-Commerce allows Reflected XSS. This issue affects e-Commerce: before 1.25.01.06...

6.1CVSS
Exploits0References1
CVE
CVE
added 14 hours ago12 views

CVE-2026-8172

The CVE-2026-8172 entry concerns the WordPress plugin Simple Basic Contact Form (through 20250114). The issue is a Reflected Cross-Site Scripting vulnerability caused by not escaping user-supplied input before reflecting it in the contact form output on validation errors. Impact described: unauth...

7.1CVSS5.7AI score
Exploits0References1
EUVD
EUVD
added 14 hours ago6 views

EUVD-2026-38418

The Simple Basic Contact Form WordPress plugin through 20250114 does not escape user-supplied input before reflecting it into the contact form output on validation errors, leading to a Reflected Cross-Site Scripting vulnerability that unauthenticated attackers can exploit against site visitors vi...

7.1CVSS5.7AI score
Exploits0References1
Nuclei
Nuclei
added 15 hours ago15 views

MaNGOSWebV4 < 4.0.8 - Cross-Site Scripting

paintballrefjosh/MaNGOSWebV4 4.0.8 contains a reflected XSS caused by unsanitized input in install/index.php step parameter, letting attackers execute arbitrary scripts in the victim's browser, exploit requires victim to visit a maliciously crafted URL id: CVE-2017-6478 info: name: MaNGOSWebV4...

6.1CVSS6.6AI score0.02574EPSS
Exploits6References4
Nuclei
Nuclei
added 15 hours ago10 views

WP BASE Booking - Reflected XSS

WP BASE Booking of Appointments, Services and Events WordPress plugin 5.0.0 contains a reflected cross-site scripting caused by lack of sanitization and escaping of a parameter before output, letting attackers execute malicious scripts in high privilege users' browsers, exploit requires victim to...

6.1CVSS7.2AI score0.00578EPSS
Exploits1References1
Nuclei
Nuclei
added 15 hours ago8 views

WordPress Front End Users - Reflected XSS

WordPress Front End Users plugin = 3.2.32 contains a reflected cross-site scripting caused by lack of sanitization and escaping of a parameter before outputting it in the page, letting attackers execute malicious scripts in the context of high privilege users, exploit requires attacker to craft a...

7.1CVSS7.2AI score0.00485EPSS
Exploits1References1
Nuclei
Nuclei
added 15 hours ago8 views

SlideDeck 1 Lite Content Slider - Cross-Site Scripting

SlideDeck 1 Lite Content Slider WordPress plugin = 1.4.8 contains a reflected cross-site scripting caused by unsanitized parameter output, letting attackers execute malicious scripts in the context of high privilege users, exploit requires attacker to craft a malicious URL. id: CVE-2024-13224 inf...

6.1CVSS7.2AI score0.0057EPSS
Exploits1References1
Nuclei
Nuclei
added 15 hours ago14 views

iBuildApp <= 0.2.0 - Reflected Cross-Site Scripting

iBuildApp WordPress plugin through 0.2.0 contains a reflected cross-site scripting caused by unsanitized parameter output in the page, letting attackers execute malicious scripts in the context of high privilege users, exploit requires attacker to craft a malicious URL. id: CVE-2024-13326 info:...

6.1CVSS7.2AI score0.00561EPSS
Exploits1References2
Nuclei
Nuclei
added 15 hours ago7 views

Legull WordPress - Cross-Site Scripting

Legull WordPress plugin = 1.2.2 contains a reflected cross-site scripting caused by unsanitized parameter output, letting attackers execute arbitrary scripts in the context of high privilege users, exploit requires victim to click malicious link. id: CVE-2024-13352 info: name: Legull WordPress -...

7.1CVSS7.4AI score0.0054EPSS
Exploits1References2
Nuclei
Nuclei
added 15 hours ago19 views

WP Dream Carousel < 1.0.1b - Cross-Site Scripting

WP Dream Carousel WordPress plugin 1.0.1b contains a reflected cross-site scripting caused by lack of sanitization and escaping of a parameter before outputting it in the page, letting attackers execute arbitrary scripts in the context of high privilege users, exploit requires victim to load a...

6.1CVSS7.4AI score0.00561EPSS
Exploits1References2
Nuclei
Nuclei
added 15 hours ago8 views

A5 Custom Login Page - Reflected XSS

A5 Custom Login Page WordPress plugin v2.8.1 contains a reflected cross-site scripting caused by lack of sanitization and escaping of a parameter before outputting it in the page, letting attackers execute malicious scripts in the context of high privilege users, exploit requires a crafted URL or...

6.1CVSS7.2AI score0.0057EPSS
Exploits1References1
Nuclei
Nuclei
added 15 hours ago11 views

Glossy WordPress - Reflected XSS

Glossy WordPress plugin v2.3.5 contains a reflected cross-site scripting caused by unsanitized parameter output, letting attackers execute malicious scripts in high privilege users' browsers, exploit requires victim to click a malicious link. id: CVE-2024-13325 info: name: Glossy WordPress -...

6.1CVSS7.2AI score0.00561EPSS
Exploits1References1
Nuclei
Nuclei
added 15 hours ago12 views

WP DeskLite - Reflected XSS

WP DeskLite WordPress plugin through 1.0.0 contains a reflected XSS caused by unsanitized and unescaped parameter output, letting attackers execute scripts against high privilege users such as admin, exploit requires crafted request. id: CVE-2024-12724 info: name: WP DeskLite - Reflected XSS...

6.1CVSS5.8AI score0.00521EPSS
Exploits1References2
Rows per page
Query Builder