CVE-2026-48221 Open ISES Tickets < 3.44.2 Reflected XSS via ics205a.php frm_add_str Parameter

Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in ics205a.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the frmaddstr POST parameter directly into an HTML form hidden input value attribute...

EUVD-2025-25361

Malicious code in bioql PyPI...

CVE-2025-34175

In pfSense CE /usr/local/www/suricata/suricatafilecheck.php, the value of the filehash parameter is directly displayed without sanitizing for HTML-related characters/strings. This can result in reflected cross-site scripting if the victim is authenticated...

CVE-2025-4576

CVE-2025-4576 describes a reflected XSS in Liferay Portal 7.4.0–7.4.3.133 and Liferay DXP versions listed (various 2024/Qx and 2025/Q1 ranges, up to 7.4 GA with update 92). The vulnerability allows a remote, non-authenticated attacker to inject JavaScript into the page at modules/apps/blogs/blogs...

WordPress Ptengine Plugin <= 2.2.2 - 1.0.1 - Reflected CrossSite Scripting

Because of this vulnerability, the attackers can inject arbitrary web script or HTML. Solution Update the plugin...