Lucene search
K

81 matches found

Github Security Blog
Github Security Blog
added 2026/02/25 10:1 p.m.5 views

Vikunja has Reflected HTML Injection via filter Parameter in its Projects Module

Summary Vikunja is an open-source self-hosted task management platform with 3,300+ GitHub stars. A reflected HTML injection vulnerability exists in the Projects module where the filter URL parameter is rendered into the DOM without output encoding when the user clicks "Filter." While and are...

6.1CVSS5.7AI score0.00221EPSS
Exploits1References7Affected Software1
Positive Technologies
Positive Technologies
added 2026/02/20 12:0 a.m.7 views

PT-2026-21117

Name of the Vulnerable Software and Affected Versions iContact for Gravity Forms versions through 1.3.2 Description The software contains a flaw related to improper input handling during web page generation, which can lead to Reflected Cross-site Scripting XSS. This allows an attacker to inject...

5.4AI score0.00186EPSS
Exploits0References3
Packet Storm
Packet Storm
added 2026/02/18 12:0 a.m.144 views

📄 Ruckus Unleashed 200.13.6.1.319 XSS Scanner

This is a testing script to validate whether or not a Ruckus Unleashed system is vulnerable to the cross site scripting vulnerability in version 200.13.6.1.319...

6.1CVSS5AI score0.00192EPSS
Exploits4
RedhatCVE
RedhatCVE
added 2026/01/23 9:17 p.m.6 views

CVE-2025-69098

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in wpWave Hide My WP hidemywp allows Reflected XSS.This issue affects Hide My WP: from n/a through = 6.2.12...

7.1CVSS5.4AI score0.00175EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/07 9:32 a.m.9 views

CVE-2019-16967

An issue was discovered in Manager 13.x before 13.0.2.6 and 15.x before 15.0.6 before FreePBX 14.0.10.3. In the Manager module form html\admin\modules\manager\views\form.php, an unsanitized managerdisplay variable coming from the URL is reflected in HTML, leading to XSS. It can be requested via G...

6.1CVSS6.8AI score0.01311EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/12/31 12:2 a.m.7 views

CVE-2025-23458

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Rakessh Ads24 Lite wp-ad-management allows Reflected XSS.This issue affects Ads24 Lite: from n/a through = 1.0...

7.1CVSS7.2AI score0.00149EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/12/30 5:9 p.m.4 views

CVE-2025-68878

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in prasadkirpekar Advanced Custom CSS advanced-custom-css allows Reflected XSS.This issue affects Advanced Custom CSS: from n/a through = 1.1.0...

7.1CVSS5.9AI score0.00146EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/12/18 7:21 a.m.21 views

CVE-2025-57897 WordPress Logtik theme <= 2.3 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in venusweb Logtik logtik allows Reflected XSS.This issue affects Logtik: from n/a through = 2.3...

7.1CVSS0.00191EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/12/09 6:9 p.m.2 views

CVE-2025-34409 MailEnable < 10.54 Reflected XSS in Failed Parameter of MAI/AddRecipientsResult.aspx

MailEnable versions prior to 10.54 contain a reflected cross-site scripting XSS vulnerability in the Failed parameter of /Mondo/lang/sys/Forms/MAI/AddRecipientsResult.aspx. The Failed value is not properly sanitized when processed via a GET request and is reflected in the response, allowing an...

5.3CVSS5.4AI score0.00402EPSS
Exploits0References3
NVD
NVD
added 2025/11/20 3:17 p.m.8 views

CVE-2025-60796

phpPgAdmin 7.13.0 and earlier contains multiple cross-site scripting XSS vulnerabilities across various components. User-supplied input from $REQUEST parameters is reflected in HTML output without proper encoding or sanitization in multiple locations including sequences.php, indexes.php, admin.ph...

6.1CVSS0.00198EPSS
Exploits0References4
Cvelist
Cvelist
added 2025/11/20 12:0 a.m.8 views

CVE-2025-60796

phpPgAdmin 7.13.0 and earlier contains multiple cross-site scripting XSS vulnerabilities across various components. User-supplied input from $REQUEST parameters is reflected in HTML output without proper encoding or sanitization in multiple locations including sequences.php, indexes.php, admin.ph...

0.00198EPSS
Exploits0References4
Snyk
Snyk
added 2025/10/28 9:46 p.m.3 views

Cross-site Scripting (XSS)

Overview fastmcp is a The fast, Pythonic way to build MCP servers and clients. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the createcallbackhtml function. An attacker can execute arbitrary JavaScript in the context of the callback server's origin by supplying...

6.1CVSS5.5AI score0.0025EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2025/10/23 3:14 p.m.5 views

CVE-2025-49911

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in wpinstinct WooCommerce Vehicle Parts Finder woo-vehicle-parts-finder allows Reflected XSS.This issue affects WooCommerce Vehicle Parts Finder: from n/a through = 3.7...

7.1CVSS6.4AI score0.00208EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/10/23 3:14 p.m.6 views

CVE-2025-49956

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Anandaraj Balu Fade Slider fade-slider allows Reflected XSS.This issue affects Fade Slider: from n/a through = 2.5...

7.1CVSS6.4AI score0.00228EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/22 3:31 p.m.4 views

EUVD-2025-35397

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in weissmike Simple Finance Calculator simple-finance-calculator allows Reflected XSS.This issue affects Simple Finance Calculator: from n/a through = 1.0...

5.9AI score0.00221EPSS
Exploits0References2
NVD
NVD
added 2025/10/22 3:15 p.m.4 views

CVE-2025-49911

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in wpinstinct WooCommerce Vehicle Parts Finder woo-vehicle-parts-finder allows Reflected XSS.This issue affects WooCommerce Vehicle Parts Finder: from n/a through = 3.7...

7.1CVSS0.00208EPSS
Exploits0References1
CVE
CVE
added 2025/10/22 2:32 p.m.8 views

CVE-2025-58971

CVE-2025-58971 describes a Reflected Cross-Site Scripting (XSS) vulnerability in the WordPress Doctreat theme, affected versions

7.1CVSS6AI score0.00228EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/10/22 2:32 p.m.6 views

CVE-2025-53350 WordPress Calendar Plus plugin <= 1.2.4 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in webjunk Calendar Plus calendar-plus allows Reflected XSS.This issue affects Calendar Plus: from n/a through = 1.2.4...

7.1CVSS0.00228EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/10/22 2:32 p.m.8 views

CVE-2025-52770 WordPress Hello Followers plugin <= 2.5 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in appscreo Hello Followers hellofollowers allows Reflected XSS.This issue affects Hello Followers: from n/a through = 2.5...

7.1CVSS0.00228EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/10/22 2:32 p.m.3 views

CVE-2025-52743 WordPress oik-privacy-policy plugin <= 1.4.10 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in bobbingwide oik-privacy-policy oik-privacy-policy allows Reflected XSS.This issue affects oik-privacy-policy: from n/a through = 1.4.10...

7.1CVSS5.2AI score0.00228EPSS
Exploits0References1
Rows per page
Query Builder