CVE-2026-49375

In JetBrains TeamCity before 2026.1, 2025.11.5 reflected XSS was possible on the repository download page...

CVE-2026-27068

CVE-2026-27068 describes a Reflected XSS in the WordPress plugin Website LLMs.txt (versions n/a through <= 8.2.6). The issue arises from improper neutralization of input during web page generation, enabling cross-site scripting when user-supplied data is reflected. Several connected sources (N...

CVE-2025-66469 NiceGUI Reflected XSS in ui.add_css, ui.add_scss, and ui.add_sass via Style Injection

NiceGUI is a Python-based UI framework. Versions 3.3.1 and below are vulnerable to Reflected XSS through its ui.addcss, ui.addscss, and ui.addsass functions. The functions lack proper sanitization or encoding for the JavaScript context they generate. An attacker can break out of the intended or...

CVE-2025-31994

HCL Unica Campaign 12.1.10 is vulnerable to Reflected Cross-Site Scripting (XSS). An attacker can inject malicious script into an HTTP request, which is reflected in the server’s immediate response and executed in the victim’s browser. The vulnerability is documented across multiple sources (incl...

CVE-2025-11450

ServiceNow has addressed a reflected cross-site scripting vulnerability that was identified in the ServiceNow AI Platform. This vulnerability could result in arbitrary code being executed within the browsers of ServiceNow users who click on a specially crafted link. ServiceNow has addressed this...

WordPress 跨站脚本漏洞

WordPress is the WordPress Foundation's suite of blogging platforms developed using the PHP language. The platform supports personal blogging sites on PHP and MySQL servers. cross-site scripting vulnerability exists in versions of the WordPress WP RSS Aggregator plugin prior to 4.20, which stems...

CVE-2020-10464

Reflected XSS in admin/edit-article.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject arbitrary web script or HTML via the GET parameter p...