56 matches found
CVE-2022-38553
Academy Learning Management System before v5.9.1 was discovered to contain a reflected cross-site scripting XSS vulnerability via the Search parameter...
CVE-2022-0428
The Content Egg WordPress plugin before 5.3.0 does not sanitise and escape the page parameter before outputting back in an attribute in the Autoblogging admin dashboard, leading to a Reflected Cross-Site Scripting...
EUVD-2019-2480
Malware in sbrugna...
EUVD-2025-24800
Malicious code in bioql PyPI...
EUVD-2024-50781
Malicious code in bioql PyPI...
EUVD-2023-35405
Malicious code in bioql PyPI...
CVE-2025-53935 WeGIA vulnerable to Reflected Cross-Site Scripting via endpoint `personalizacao_selecao.php` parameter `id`
WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Reflected Cross-Site Scripting XSS vulnerability was identified in the personalizacaoselecao.php endpoint of the WeGIA application prior to version 3.4.5. This vulnerability allows attackers...
CVE-2025-53824 WeGIA ReflectedCross-Site Scripting (XSS) vulnerability in endpoint 'cadastro_pet.php' parameter 'msg'
WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Reflected Cross-Site Scripting XSS vulnerability was identified in the editarpermissoes.php endpoint of the WeGIA application prior to version 3.4.4. This vulnerability allows attackers to...
CVE-2025-53822
WeGIA (open source web manager) is affected by a Reflected XSS in the relatorio_geracao.php endpoint, via the tipo_relatorio parameter, for versions prior to 3.4.5. The underlying issue is lack of proper input filtering/escaping, enabling injection of arbitrary scripts. A fix is available in vers...
CVE-2025-31037 WordPress Homey theme <= 2.4.5 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in favethemes Homey homey allows Reflected XSS.This issue affects Homey: from n/a through = 2.4.5...
CVE-2025-31061 WordPress Wishlist plugin <= 2.1.0 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in redqteam Wishlist allows Reflected XSS. This issue affects Wishlist: from n/a through 2.1.0...
CVE-2025-31917 WordPress Universal Video Player plugin <= 3.8.3 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in LambertGroup Universal Video Player universalvideoplayer allows Reflected XSS.This issue affects Universal Video Player: from n/a through = 3.8.3...
CVE-2025-47673 WordPress Arconix Shortcodes plugin <= 2.1.16 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in tychesoftwares Arconix Shortcodes arconix-shortcodes allows Reflected XSS.This issue affects Arconix Shortcodes: from n/a through = 2.1.16...
CVE-2024-47067
AList is a file list program that supports multiple storages. AList contains a reflected cross-site scripting vulnerability in helper.go. The endpoint /i/:linkname takes in a user-provided value and reflects it back in the response. The endpoint returns an application/xml response, opening it up ...
CVE-2024-40484
A Reflected Cross Site Scripting XSS vulnerability was found in "/oahms/search.php" in PHPGurukul Old Age Home Management System v1.0, which allows remote attackers to execute arbitrary code via the "searchdata" parameter...
CVE-2023-5950
Rapid7 Velociraptor versions prior to 0.7.0-4 suffer from a reflected cross site scripting vulnerability. This vulnerability allows attackers to inject JS into the error path, potentially leading to unauthorized execution of scripts within a user's web browser. This vulnerability is fixed in...
CVE-2023-28493
Auth subscriber+ Reflected Cross-Site Scripting XSS vulnerability in Macho Themes NewsMag theme = 2.4.4 versions...
CVE-2021-24987
The Social Share, Social Login and Social Comments Plugin WordPress plugin before 7.13.30 does not sanitise and escape the urls parameter in its thechampsharingcount AJAX action available to both unauthenticated and authenticated users before outputting it back in the response, leading to a...
CVE-2025-22678
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in mythemes my white allows Reflected XSS.This issue affects my white: from n/a through 2.0.8...
CVE-2025-0688
The Spiritual Gifts Survey and optional S.H.A.P.E survey WordPress plugin through 0.9.10 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against only unauthenticated users...