81 matches found
Vikunja has Reflected HTML Injection via filter Parameter in its Projects Module
Summary Vikunja is an open-source self-hosted task management platform with 3,300+ GitHub stars. A reflected HTML injection vulnerability exists in the Projects module where the filter URL parameter is rendered into the DOM without output encoding when the user clicks "Filter." While and are...
PT-2026-21117
Name of the Vulnerable Software and Affected Versions iContact for Gravity Forms versions through 1.3.2 Description The software contains a flaw related to improper input handling during web page generation, which can lead to Reflected Cross-site Scripting XSS. This allows an attacker to inject...
📄 Ruckus Unleashed 200.13.6.1.319 XSS Scanner
This is a testing script to validate whether or not a Ruckus Unleashed system is vulnerable to the cross site scripting vulnerability in version 200.13.6.1.319...
CVE-2025-69098
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in wpWave Hide My WP hidemywp allows Reflected XSS.This issue affects Hide My WP: from n/a through = 6.2.12...
CVE-2019-16967
An issue was discovered in Manager 13.x before 13.0.2.6 and 15.x before 15.0.6 before FreePBX 14.0.10.3. In the Manager module form html\admin\modules\manager\views\form.php, an unsanitized managerdisplay variable coming from the URL is reflected in HTML, leading to XSS. It can be requested via G...
CVE-2025-23458
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Rakessh Ads24 Lite wp-ad-management allows Reflected XSS.This issue affects Ads24 Lite: from n/a through = 1.0...
CVE-2025-68878
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in prasadkirpekar Advanced Custom CSS advanced-custom-css allows Reflected XSS.This issue affects Advanced Custom CSS: from n/a through = 1.1.0...
CVE-2025-57897 WordPress Logtik theme <= 2.3 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in venusweb Logtik logtik allows Reflected XSS.This issue affects Logtik: from n/a through = 2.3...
CVE-2025-34409 MailEnable < 10.54 Reflected XSS in Failed Parameter of MAI/AddRecipientsResult.aspx
MailEnable versions prior to 10.54 contain a reflected cross-site scripting XSS vulnerability in the Failed parameter of /Mondo/lang/sys/Forms/MAI/AddRecipientsResult.aspx. The Failed value is not properly sanitized when processed via a GET request and is reflected in the response, allowing an...
CVE-2025-60796
phpPgAdmin 7.13.0 and earlier contains multiple cross-site scripting XSS vulnerabilities across various components. User-supplied input from $REQUEST parameters is reflected in HTML output without proper encoding or sanitization in multiple locations including sequences.php, indexes.php, admin.ph...
CVE-2025-60796
phpPgAdmin 7.13.0 and earlier contains multiple cross-site scripting XSS vulnerabilities across various components. User-supplied input from $REQUEST parameters is reflected in HTML output without proper encoding or sanitization in multiple locations including sequences.php, indexes.php, admin.ph...
Cross-site Scripting (XSS)
Overview fastmcp is a The fast, Pythonic way to build MCP servers and clients. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the createcallbackhtml function. An attacker can execute arbitrary JavaScript in the context of the callback server's origin by supplying...
CVE-2025-49911
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in wpinstinct WooCommerce Vehicle Parts Finder woo-vehicle-parts-finder allows Reflected XSS.This issue affects WooCommerce Vehicle Parts Finder: from n/a through = 3.7...
CVE-2025-49956
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Anandaraj Balu Fade Slider fade-slider allows Reflected XSS.This issue affects Fade Slider: from n/a through = 2.5...
EUVD-2025-35397
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in weissmike Simple Finance Calculator simple-finance-calculator allows Reflected XSS.This issue affects Simple Finance Calculator: from n/a through = 1.0...
CVE-2025-49911
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in wpinstinct WooCommerce Vehicle Parts Finder woo-vehicle-parts-finder allows Reflected XSS.This issue affects WooCommerce Vehicle Parts Finder: from n/a through = 3.7...
CVE-2025-58971
CVE-2025-58971 describes a Reflected Cross-Site Scripting (XSS) vulnerability in the WordPress Doctreat theme, affected versions
CVE-2025-53350 WordPress Calendar Plus plugin <= 1.2.4 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in webjunk Calendar Plus calendar-plus allows Reflected XSS.This issue affects Calendar Plus: from n/a through = 1.2.4...
CVE-2025-52770 WordPress Hello Followers plugin <= 2.5 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in appscreo Hello Followers hellofollowers allows Reflected XSS.This issue affects Hello Followers: from n/a through = 2.5...
CVE-2025-52743 WordPress oik-privacy-policy plugin <= 1.4.10 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in bobbingwide oik-privacy-policy oik-privacy-policy allows Reflected XSS.This issue affects oik-privacy-policy: from n/a through = 1.4.10...