36 matches found
Linux Distros Unpatched Vulnerability : CVE-2022-24917
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An authenticated user can create a link with reflected Javascript code inside it for services' page and send it to other users. The payload can be executed only...
CVE-2025-50690
CVE-2025-50690 describes a reflected XSS in SpatialReference.org (OSGeo/spatialreference.org). The issue arises from improper handling of user input in the search query parameter, enabling an unauthenticated attacker to craft a URL that reflects and executes arbitrary JavaScript in a victim’s bro...
CVE-2024-47854
An XSS vulnerability was discovered in Veritas Data Insight before 7.1. It allows a remote attacker to inject an arbitrary web script into an HTTP request that could reflect back to an authenticated user without sanitization if executed by that user...
SUSE CVE-2018-5712
An issue was discovered in PHP before 5.6.33, 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before 7.2.1. There is Reflected XSS on the PHAR 404 error page via the URI of a request for a .phar file...
PT-2022-5263 · Juniper Networks · Junos
Name of the Vulnerable Software and Affected Versions: Junos OS versions prior to 19.1R3-S9 Junos OS versions 19.2 prior to 19.2R3-S6 Junos OS versions 19.3 prior to 19.3R3-S7 Junos OS versions 19.4 prior to 19.4R2-S7, 19.4R3-S8 Junos OS versions 20.1 prior to 20.1R3-S5 Junos OS versions 20.2 pri...
CVE-2022-1192
The Turn off all comments WordPress plugin through 1.0 does not sanitise and escape the rows parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting...
CVE-2022-29817
In JetBrains IntelliJ IDEA before 2022.1 reflected XSS via error messages in internal web server was possible...
DEBIAN-CVE-2022-24917
An authenticated user can create a link with reflected Javascript code inside it for services’ page and send it to other users. The payload can be executed only with a known CSRF token value of the victim, which is changed periodically and is difficult to predict. Malicious code has access to all...
CVE-2021-25031
The Image Hover Effects Ultimate Image Gallery, Effects, Lightbox, Comparison or Magnifier WordPress plugin before 9.7.1 does not escape the effects parameter before outputting it back in an attribute in an admin page, leading to a Reflected Cross-Site Scripting...
PT-2022-6481 · Zabbix +5 · Zabbix +5
Name of the Vulnerable Software and Affected Versions: Zabbix affected versions not specified Description: The issue is related to the lack of protection of the web page structure in Zabbix, allowing an authenticated user to create a link with reflected Javascript code for the graphs page and sen...
NCH IVM Attendant 跨站脚本漏洞
NCH IVM Attendant is a complete voicemail, call attendant and IVR solution for Windows. a security vulnerability exists in NCH IVM Attendant due to a lack of comprehensive input validation, which can be exploited by an authenticated attacker to inject a JavaScript cross-site scripting payload int...
CVE-2020-35346
CXUUCMS V3 3.1 is affected by a reflected XSS vulnerability that allows remote attackers to inject arbitrary web script or HTML via the imgurl parameter of admin.php?c=content&a=add...
PT-2020-12078 · Chadha · Chadha Phpkb Standard Multi-Language
Name of the Vulnerable Software and Affected Versions: Chadha PHPKB Standard Multi-Language version 9 Description: The issue concerns the handling of URIs in admin/header.php, which allows for Reflected XSS attacks. This can be exploited in admin/edit-subscriber.php by adding a question mark ?...
CVE-2019-0303
SAP BusinessObjects Business Intelligence Platform Administration Console, versions 4.2, 4.3, module BILogon/appService.jsp is reflecting requested parameter errMsg into response content without sanitation. This could be used by an attacker to build a special url that execute custom JavaScript co...
CVE-2019-9839
VFront 0.99.5 has Reflected XSS via the admin/menuregistri.php descrizioneg parameter or the admin/syncregtab.php azzera parameter...
GHSA-R34R-F84J-5X4X Moderate severity vulnerability that affects org.apache.spark:spark-core_2.10 and org.apache.spark:spark-core_2.11
In Apache Spark before 2.2.0, it is possible for an attacker to take advantage of a user's trust in the server to trick them into visiting a link that points to a shared Spark cluster and submits data including MHTML to the Spark master, or history server. This data, which could contain a script,...