CVE-2026-30561

A Reflected Cross-Site Scripting XSS vulnerability exists in SourceCodester Sales and Inventory System 1.0. The vulnerability is located in the addpurchase.php file via the "msg" parameter. The application fails to sanitize the input, allowing remote attackers to inject arbitrary web script or HT...

CVE-2026-27054

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in PenciDesign Penci Soledad Data Migrator penci-data-migrator allows Reflected XSS.This issue affects Penci Soledad Data Migrator: from n/a through = 1.3.1...

CVE-2026-4816

A Reflected Cross Site Scripting XSS vulnerability has been found in Support Board v3.7.7. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending the victim a malicious URL using the 'search' parameter in '/supportboard/include/articles.php'. This...

CVE-2026-25461

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in purethemes Listeo Core listeo-core allows Reflected XSS.This issue affects Listeo Core: from n/a through = 2.0.21...

CVE-2026-25354

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in skygroup Reebox reebox allows Reflected XSS.This issue affects Reebox: from n/a through 1.4.8...

CVE-2026-32529

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in don-themes Molla molla allows Reflected XSS.This issue affects Molla: from n/a through 1.5.19...

CVE-2026-24979 WordPress Jobica Core plugin <= 1.4.1 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in NooTheme Jobica Core jobica-core allows Reflected XSS.This issue affects Jobica Core: from n/a through = 1.4.1...

EUVD-2026-13686

The errordescription parameter is vulnerable to Reflected XSS. An attacker can bypass the domain's WAF using a Safari-specific onpagereveal payload...

EUVD-2026-12445

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Flexmls Flexmls® IDX allows Reflected XSS.This issue affects Flexmls® IDX: from n/a through 3.15.9...

CVE-2025-12453

Improper neutralization of input during web page generation 'cross-site scripting' vulnerability in OpenText™ Vertica allows Reflected XSS. The vulnerability could lead to Reflected XSS attack of cross-site scripting in Vertica management console application.This issue affects Vertica: from 10.0...

CVE-2025-12454 Improper neutralization of input during web page generation vulnerability has been discovered in OpenText™ Vertica.

Improper neutralization of input during web page generation 'cross-site scripting' vulnerability in OpenText™ Vertica allows Reflected XSS. The vulnerability could lead to Reflected XSS attack of cross-site scripting in Vertica management console application.This issue affects Vertica: from 10.0...

PT-2026-25342

🚨 CVE-2025-12453 Improper neutralization of input during web page generation 'cross-site scripting' vulnerability in OpenText™ Vertica allows Reflected XSS. The vulnerability could lead to Reflected XSS attack of cross-site scripting in Vertica management console application.This issue affects...

CVE-2026-28113

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in azzaroco Ultimate Learning Pro indeed-learning-pro allows Reflected XSS.This issue affects Ultimate Learning Pro: from n/a through = 3.9.1...

PT-2026-23406

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in QuanticaLabs MediCenter - Health Medical Clinic medicenter allows Reflected XSS.This issue affects MediCenter - Health Medical Clinic: from n/a through = 14.9...

CVE-2026-27948

Copyparty is a portable file server. In versions prior to 1.20.9, an XSS allows for reflected cross-site scripting via URL-parameter ?setck=.... Version 1.20.9 fixes the issue...

CVE-2026-27116

Vikunja is an open-source self-hosted task management platform. Prior to version 2.0.0, a reflected HTML injection vulnerability exists in the Projects module where the filter URL parameter is rendered into the DOM without output encoding when the user clicks "Filter." While and are blocked, , ,...

CVE-2025-69386

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in realvirtualmx RVCFDI para Woocommerce rvcfdi-para-woocommerce allows Reflected XSS.This issue affects RVCFDI para Woocommerce: from n/a through = 8.1.8...

CVE-2025-68845

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in aThemeArt Translations eDS Responsive Menu eds-responsive-menu allows Reflected XSS.This issue affects eDS Responsive Menu: from n/a through = 1.2...

CVE-2025-67971

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WPManageNinja FluentCart fluent-cart allows Reflected XSS.This issue affects FluentCart: from n/a through 1.3.0...

CVE-2025-68495

CVE-2025-68495 is a Reflected XSS in Crocoblock JetEngine (JetEngine) before version 3.8.0. Root cause: improper input neutralization during web page generation. Impact per sources includes HIGH severity (CVSS 3.1: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L; base score 7.1). Remediation: upgrade JetEngi...