The Query Monitor plugin for WordPress has Reflected Cross-Site Scripting via Request URI

Impact The Query Monitor plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the $SERVER'REQUESTURI' parameter in all versions up to, and including, 3.20.3 due to insufficient output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web script...

CVE-2025-50001 WordPress tagDiv Composer plugin <= 5.4.2 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in tagDiv tagDiv Composer td-composer allows Reflected XSS.This issue affects tagDiv Composer: from n/a through = 5.4.2...

EUVD-2026-12763

The CRPaid Link Manager plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the URL path in all versions up to, and including, 0.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts ...

CVE-2026-29520 Hereta ETH-IMC408M Reflected XSS via ping_ipaddr Parameter

Hereta ETH-IMC408M firmware version 1.0.15 and prior contain a reflected cross-site scripting vulnerability in the Network Diagnosis ping function that allows attackers to execute arbitrary JavaScript. Attackers can craft malicious links with injected script payloads in the pingipaddr parameter t...

CVE-2016-20036 Wowza Streaming Engine 4.5.0 Multiple Cross-Site Scripting Vulnerabilities

Wowza Streaming Engine 4.5.0 contains multiple reflected cross-site scripting vulnerabilities in the enginemanager interface where input passed through various parameters is not properly sanitized before being returned to users. Attackers can inject malicious script code through parameters like...

CVE-2016-20027 ZKTeco ZKBioSecurity 3.0 Multiple Reflected XSS Vulnerabilities

ZKTeco ZKBioSecurity 3.0 contains multiple reflected cross-site scripting vulnerabilities that allow attackers to execute arbitrary HTML and script code by injecting malicious payloads through unsanitized parameters in multiple scripts. Attackers can craft malicious URLs with XSS payloads in...

PT-2026-25725

Name of the Vulnerable Software and Affected Versions ZKTeco ZKBioSecurity version 3.0 Description The software contains multiple reflected cross-site scripting issues that permit attackers to run arbitrary HTML and script code. This is achieved by injecting malicious payloads through unsanitized...

Rxss-Scan

Rxss-Scan is a lightwe...

WordPress Website LLMs.txt plugin <= 8.2.6 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by benzdeus in WordPress Plugin Website LLMs.txt versions = 8.2.6...

CVE-2026-2466

The CVE-2026-2466 entry concerns the DukaPress WordPress plugin (affected version up to 3.2.4). The issue arises because the plugin does not sanitise and escape a parameter before reflecting it on the page, enabling a Reflected Cross-Site Scripting (XSS) attack. Impact is stated as potential expl...

CVE-2026-2466

The DukaPress WordPress plugin through 3.2.4 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

CVE-2025-12473

The RTMKit plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'themebuilder' parameter in all versions up to, and including, 1.6.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...

CVE-2026-2431 CM Custom Reports <= 1.2.7 - Reflected Cross-Site Scripting via 'date_from' and 'date_to' Parameters

The CM Custom Reports plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'datefrom' and 'dateto' parameters in all versions up to, and including, 1.2.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to...

Cross-site Scripting (XSS)

Astro is vulnerable to Cross Site Scripting XSS. The vulnerability is due to a Reflected Cross-Site Scripting XSS vulnerability in Astro's development server error pages when the trailingSlash configuration option is used, where an attacker can inject arbitrary JavaScript code that executes in th...

CVE-2026-27375

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in JanStudio Gecko gecko allows Reflected XSS.This issue affects Gecko: from n/a through = 1.9.8...

CVE-2026-1706

The All-in-One Video Gallery plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'vi' parameter in all versions up to, and including, 4.7.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary...

EUVD-2026-9778

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in sizam RH Frontend Publishing Pro rh-frontend allows Reflected XSS.This issue affects RH Frontend Publishing Pro: from n/a through = 4.3.2...

EUVD-2026-9631

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in JanStudio Gecko gecko allows Reflected XSS.This issue affects Gecko: from n/a through = 1.9.8...

CVE-2026-28042

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Astoundify Listify listify allows Reflected XSS.This issue affects Listify: from n/a through = 3.2.5...

CVE-2026-22440

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in foreverpinetree Thecs thecs allows Reflected XSS.This issue affects Thecs: from n/a through = 1.4.7...