EUVD-2025-35046

A Cross-Site Scripting XSS vulnerability exists in Bhabishya-123 E-commerce 1.0, specifically within the search endpoint. Unsanitized input in the /search parameter is directly reflected back into the response HTML, allowing attackers to execute arbitrary JavaScript in the browser of a user who...

CVE-2025-56154

htmly v3.0.8 is vulnerable to Cross Site Scripting XSS in the /author/:name endpoint of the affected application. The name parameter is not properly sanitized before being reflected in the HTML response, allowing attackers to inject arbitrary JavaScript payloads...

Cross site scripting

In FusionPBX up to 4.5.7, the file app\sipstatus\sipstatus.php uses an unsanitized "savemsg" variable coming from the URL, which is reflected in HTML, leading to XSS...

PT-2019-14905 · Fusionpbx · Fusionpbx

Name of the Vulnerable Software and Affected Versions: FusionPBX versions prior to 4.5.8 Description: The issue concerns an unsanitized filename variable in the recording play.php file, which is base64 decoded and reflected in HTML. This leads to a potential XSS issue. Recommendations: For...