Linux Distros Unpatched Vulnerability : CVE-2023-29457

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Reflected XSS attacks, occur when a malicious script is reflected off a web application to the victim's browser. The script can be activated through Action form...

CVE-2025-23519

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Jas Saran G Web Pro Store Locator gwebpro-store-locator allows Reflected XSS.This issue affects G Web Pro Store Locator: from n/a through = 2.0.1...

CVE-2025-23813 WordPress Guten Free Options Plugin <= 0.9.7 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Tony Hayes Guten Free Options guten-free-options allows Reflected XSS.This issue affects Guten Free Options: from n/a through = 0.9.7...

CVE-2025-23564 WordPress WP FixTag plugin <= v2.0.2 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in mohsenshahbazi WP FixTag wp-fixtag allows Reflected XSS.This issue affects WP FixTag: from n/a through = v2.0.2...

CVE-2025-23563

CVE-2025-23563 is a reflected XSS in the WordPress Explore pages plugin (versions

CVE-2025-23432

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in AlTi5 AlT Report alt-report allows Reflected XSS.This issue affects AlT Report: from n/a through = 1.12.0...

CVE-2025-23882

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in misanthrop WP Download Codes wp-download-codes allows Reflected XSS.This issue affects WP Download Codes: from n/a through = 2.5.4...

CVE-2024-43126

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Sender Sender – Newsletter, SMS and Email Marketing Automation for WooCommerce allows Reflected XSS.This issue affects Sender – Newsletter, SMS and Email Marketing Automation for WooCommerce...

CVE-2024-54339

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in jbd7 geoFlickr geoflickr allows Reflected XSS.This issue affects geoFlickr: from n/a through = 1.3...

CVE-2024-51780

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in eewee eewee admin custom eewee-admincustom allows Reflected XSS.This issue affects eewee admin custom: from n/a through = 1.8.2.4...

CVE-2024-51705

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in jamesdbruner WP MMenu Lite wp-mmenu-lite allows Reflected XSS.This issue affects WP MMenu Lite: from n/a through = 1.0.0...

CVE-2024-35687

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Yannick Lefebvre Link Library link-library allows Reflected XSS.This issue affects Link Library: from n/a through 7.6.3...

CVE-2025-22794

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ianhaycox World Cup Predictor world-cup-predictor allows Reflected XSS.This issue affects World Cup Predictor: from n/a through = 1.9.8...

CVE-2025-23427

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in David Anderson / Team Updraft Redux Converter redux-converter allows Reflected XSS.This issue affects Redux Converter: from n/a through = 1.1.3.1...

CVE-2025-23545

CVE-2025-23545 is a Reflected XSS in WP Social Broadcast (Navnish Bhardwaj) affecting WP Social Broadcast versions up to 1.0.0. Root cause: improper neutralization of input during web page generation. Public details come from CVE records (NVD/Red Hat) and confirm the issue; exploitation status, s...

CVE-2024-56037 WordPress User Referral plugin <= 8.0 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Md Maruf Adnan Sami User Referral allows Reflected XSS.This issue affects User Referral: from n/a through 8.0...

CVE-2024-9427

Koji contains an XSS vulnerability (CVE-2024-9427) due to unsanitized input that can reflect JavaScript from a malicious link in the web page. The description notes that existing XSS protections in the code are expected to prevent submitting actions or changes. The connected sources confirm this ...

Cross-site Scripting (XSS)

github.com/hashicorp/consul is vulnerable to Cross-site Scripting XSS. The vulnerability is due to the server's failure to explicitly set a Content-Type HTTP header in the response, allowing user-provided inputs to be misinterpreted, which can lead to reflected XSS attacks...

CVE-2023-4406 XSS in KC Group's E-Commerce Software

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in KC Group E-Commerce Software allows Reflected XSS. This issue affects E-Commerce Software: through 20231123. NOTE: The vendor was contacted early about this disclosure but did not respond in any wa...

bgERP v22.31 (Orlovets) - Cookie Session vulnerability &amp; Cross-Site Scripting (XSS)

Title: bgERP v22.31 Orlovets - Cookie Session vulnerability & Cross-Site Scripting XSS Author: nu11secur1ty Date: 01.31.2023 Vendor: https://bgerp.com/Bg/Za-sistemata Software: https://github.com/bgerp/bgerp/releases/tag/v22.31 Reference:...