Lucene search
K

333 matches found

NVD
NVD
added 13 hours ago3 views

CVE-2026-57712

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WPZOOM WPZOOM Portfolio wpzoom-portfolio allows Reflected XSS.This issue affects WPZOOM Portfolio: from n/a through = 1.4.29...

7.1CVSS
Exploits0References1
Nuclei
Nuclei
added 18 hours ago8 views

WordPress Competition Form Plugin <= 2.0 - Cross-Site Scripting

Competition Form WordPress plugin = 2.0 contains a reflected cross-site scripting caused by lack of sanitization and escaping of a parameter before outputting it in the page, letting attackers execute malicious scripts in the context of high privilege users, exploit requires victim to visit a...

7.1CVSS7AI score0.00566EPSS
Exploits1References2
Nuclei
Nuclei
added 18 hours ago49 views

WordPress Restrict User Access <= 2.5 - Cross-Site Scripting

WordPress Restrict User Access – Membership Plugin with Force versions before 2.6 is vulnerable to Reflected Cross-Site Scripting via the 'ruasection' parameter in the admin level edit page. id: CVE-2024-29138 info: name: WordPress Restrict User Access = 2.5 - Cross-Site Scripting author: Shivam...

7.1CVSS7AI score0.00622EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 4 days ago7 views

CVE-2026-5793

Improper neutralization of input during web page generation 'cross-site scripting' vulnerability in Inrove Software and Internet Services BiEticaret allows Reflected XSS. This issue affects BiEticaret: before v3.3.57...

6.1CVSS5.9AI score0.00149EPSS
Exploits0References2
Cvelist
Cvelist
added 4 days ago36 views

CVE-2026-5793 XSS in Inrove Software's BiEticaret

Improper neutralization of input during web page generation 'cross-site scripting' vulnerability in Inrove Software and Internet Services BiEticaret allows Reflected XSS. This issue affects BiEticaret: before v3.3.57...

6.1CVSS0.00149EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/11 2:59 p.m.11 views

CVE-2026-49069

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WPZOOM Portfolio allows Reflected XSS. This issue affects WPZOOM Portfolio: from n/a through 1.4.21...

7.1CVSS5.4AI score0.00342EPSS
Exploits2References1
Cvelist
Cvelist
added 2026/06/05 7:29 p.m.36 views

CVE-2026-45778 Open XDMoD Vulnerable to Reflected Cross-Site Scripting (XSS) in Password Reset

OpenXDMoD is an open framework for collecting and analyzing HPC metrics. Prior to version 11.0.3, an authenticated attacker can inject malicious JavaScript into their Open XDMoD user profile and abuse the password reset functionality to email a link to an HTML page, which when visited by the...

8.6CVSS0.00147EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:24 p.m.12 views

CVE-2026-8707

The NS Product icon badge plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via PHPSELF in all versions up to, and including, 1.2.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts i...

6.1CVSS5.7AI score0.00211EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:16 p.m.13 views

CVE-2026-42548

Flight is an extensible micro-framework for PHP. Prior to 3.18.1, Flight::jsonp concatenates the ?jsonp= query parameter directly into an application/javascript response body without validating that the value is a legal JavaScript identifier. An attacker can inject arbitrary JavaScript that...

8.6CVSS5.1AI score0.00341EPSS
Exploits0References1
OSV
OSV
added 2026/06/04 6:55 p.m.9 views

GHSA-HGJH-6WJ8-GCGF WWBN AVideo: Unauthenticated Reflected XSS via $_GET['search'] in AVideo YouTubeAPI Gallery Pagination

Unauthenticated Reflected XSS via $GET'search' in AVideo YouTubeAPI Gallery Pagination Summary A reflected Cross-Site Scripting vulnerability CWE-79 in the AVideo YouTubeAPI plugin allows any unauthenticated attacker to execute arbitrary JavaScript in a victim's browser session when the victim...

6.1CVSS6.2AI score0.00094EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/21 12:0 a.m.9 views

tickets 跨站脚本漏洞

Tickets is an open-source public safety scheduling and tracking application developed by Open ISES. Versions of tickets prior to 3.44.2 contained a cross-site scripting vulnerability. This vulnerability stemmed from the use of multiple POST parameters mdbhost, mdbdb, mdbuser, mdbpassword,...

5.4CVSS5.8AI score0.00212EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/18 6:0 a.m.9 views

CVE-2026-6495 Ajax Load More < 7.8.4 - Reflected XSS

The Ajax Load More WordPress plugin before 7.8.4 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

5.8AI score0.00184EPSS
Exploits0References1
Packet Storm
Packet Storm
added 2026/05/13 12:0 a.m.88 views

📄 Event Booking Calendar 5.0 Cross Site Scripting

Event Booking Calendar version 5.0 suffers from a cross site scripting vulnerability. Titles: Event Booking Calendar-5.0 Cross-site scripting reflected Author: nu11secur1ty Date: 5/13/2026 Vendor: https://www.phpjabbers.com/ Software: https://www.phpjabbers.com/event-booking-calendar/ Reference:...

5.3AI score
Exploits0
NVD
NVD
added 2026/05/11 4:17 p.m.21 views

CVE-2025-61305

A reflected cross-site scripted XSS vulnerability in the dfm-menufirmware.php component of GmbH Mecury Managed Print Services docuForm v11.11c allows attackers to execute arbitrary Javascript in the context of a user's browser via injecting a crafted payload into an unfiltered variable value...

6.1CVSS0.00236EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/05/11 12:0 a.m.7 views

CVE-2025-61305

A reflected cross-site scripted XSS vulnerability in the dfm-menufirmware.php component of GmbH Mecury Managed Print Services docuForm v11.11c allows attackers to execute arbitrary Javascript in the context of a user's browser via injecting a crafted payload into an unfiltered variable value...

6AI score0.00236EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/05/08 6:31 p.m.16 views

absinthe_plug Has a Cross-site Scripting vulnerability

Improper Neutralization of Input During Web Page Generation XSS vulnerability in absinthe-graphql absintheplug allows reflected cross-site scripting via the GraphiQL interface. 'Elixir.Absinthe.Plug.GraphiQL':jsescape/1 in lib/absinthe/plug/graphiql.ex escapes single quotes and newlines in the...

6.1CVSS5.8AI score0.00282EPSS
Exploits0References6Affected Software1
OSV
OSV
added 2026/05/07 7:34 p.m.9 views

GHSA-GQ5C-RW37-G46C FacturaScripts vulnerable to Reflected Cross-Site Scripting (XSS) via Cookie Manipulation

Summary A Reflected Cross-Site Scripting XSS vulnerability exists in the fsNick cookie parameter. The application reflects the cookie's value directly into the HTML without sanitization. Details The fsNick cookie is rendered into the DOM without encoding. While the server does reject the modified...

3.9CVSS5.9AI score0.00104EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/05/05 12:0 a.m.12 views

PT-2026-37004

AmazCart CMS 3.4 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by submitting payloads through the search functionality. Attackers can enter script tags in the search box to execute arbitrary JavaScript that fires when...

6.1CVSS5.9AI score0.00265EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/05/04 7:41 a.m.5 views

CVE-2025-14320 XSS in Tegsoft's Online Support Application

Improper neutralization of input during web page generation 'cross-site scripting' vulnerability in Tegsoft Management and Information Services Trade Limited Company Online Support Application allows Reflected XSS. This issue affects Online Support Application: from V3 through 31122025...

9.8CVSS5.8AI score0.00327EPSS
Exploits0References2
CVE
CVE
added 2026/04/30 7:45 p.m.13 views

CVE-2026-7429

CVE-2026-7429 affects SSCMS v7.4.0 and describes a reflected cross‑site scripting flaw in the STL processing endpoint. The vulnerability arises from improper output encoding in the /api/stl/actions/dynamic endpoint, where malicious STL template payloads can be decrypted and returned without sanit...

4.6CVSS5.3AI score0.00165EPSS
Exploits0References3
Rows per page
Query Builder