15342 matches found
CVE-2026-57358 WordPress Customize My Account for WooCommerce plugin <= 4.3.9 - Reflected Cross Site Scripting (XSS) vulnerability
Unauthenticated Cross Site Scripting XSS in Customize My Account for WooCommerce = 4.3.9 versions...
CVE-2026-27430
CVE-2026-27430 affects the WordPress TheFox theme (
CVE-2026-27408
CVE-2026-27408 affects WordPress NativeChurch theme versions
CVE-2026-54263
Wagtail (Django-based CMS) has a reflected XSS in the dynamic image URL generator view within the admin. A limited-permission editor could craft a URL that, when seen by a higher-privilege user, could act with that user’s credentials. Affected versions: < 7.0.8, < 7.3.3,
CVE-2026-48307
ColdFusion versions 2025.9, 2023.20 and earlier are affected by a reflected Cross-Site Scripting XSS vulnerability. An attacker could exploit this vulnerability to inject malicious scripts into a web page, potentially resulting in arbitrary code execution in the context of the current user...
Linux Distros Unpatched Vulnerability : CVE-2026-39900
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior are vulnerable to Reflected XSS via tab parameter in the...
Linux Distros Unpatched Vulnerability : CVE-2026-39897
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Cacti is an open source performance and fault management framework. Versions 1.2.30 and below contain a Reflected XSS vulnerability in the htmlauthfooter. This...
WordPress Automotive Listings plugin <= 18.6 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting XSS vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin Automotive Listings versions = 18.6...
CVE-2026-57333
CVE-2026-57333 describes an unauthenticated reflected Cross Site Scripting (XSS) vulnerability in the WordPress plugin Link Whisper Free , affecting versions up to and including 0.9.4 . The connected sources consistently identify it as a reflected XSS issue in the Free plugin; no root-cause detai...
CVE-2026-13245
The MaxButtons – Create buttons plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'view' parameter in all versions up to, and including, 9.8.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...
CVE-2026-57312 WordPress Everest Forms plugin <= 3.4.8 - Reflected Cross Site Scripting (XSS) vulnerability
Unauthenticated Cross Site Scripting XSS in Everest Forms = 3.4.8 versions...
CVE-2026-39900
Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior are vulnerable to Reflected XSS via tab parameter in the authprofile.php JavaScript context. This issue has been fixed in version 1.2.31...
DEBIAN-CVE-2026-39900
Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior are vulnerable to Reflected XSS via tab parameter in the authprofile.php JavaScript context. This issue has been fixed in version 1.2.31...
CVE-2026-39900 Cacti: Reflected XSS via tab parameter in auth_profile.php JavaScript context
Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior are vulnerable to Reflected XSS via tab parameter in the authprofile.php JavaScript context. This issue has been fixed in version 1.2.31...
CVE-2026-39897
Cacti is an open source performance and fault management framework. Versions 1.2.30 and below contain a Reflected XSS vulnerability in the htmlauthfooter. This issue has been fixed in version 1.2.31...
CVE-2026-39897 Cacti has a Reflected XSS Vulnerability via html_auth_footer
Cacti is an open source performance and fault management framework. Versions 1.2.30 and below contain a Reflected XSS vulnerability in the htmlauthfooter. This issue has been fixed in version 1.2.31...
WordPress Quick Interest Slider plugin <= 3.1.6 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting XSS vulnerability discovered by hivesec in WordPress Plugin Quick Interest Slider versions = 3.1.6...
WordPress Image Sizes on Demand plugin <= 1.3 - Reflected Cross-Site Scripting vulnerability
Reflected Cross-Site Scripting vulnerability discovered by Abdulsamad Yusuf 0xVenus - Envorasec in WordPress Plugin Image Sizes on Demand versions = 1.3...
CVE-2026-46547
NocoDB is software for building databases as spreadsheets. Prior to 2026.04.1, a reflected XSS vulnerability exists in the Page Leaving Warning page. The ncRedirectUrl and ncBackUrl query parameters are used in window.location.href and tag bindings without validation, allowing javascript: URI...
CVE-2026-46547 NocoDB: Reflected Cross-Site Scripting via Page Leaving Redirect URL
NocoDB is software for building databases as spreadsheets. Prior to 2026.04.1, a reflected XSS vulnerability exists in the Page Leaving Warning page. The ncRedirectUrl and ncBackUrl query parameters are used in window.location.href and tag bindings without validation, allowing javascript: URI...