946 matches found

CVE | added 2026/01/22 4:52 p.m. | 4 views

CVE-2025-68011

CVE-2025-68011 is a Reflected XSS in GLS Shipping for WooCommerce (plugin GLS Shipping for WooCommerce) affecting versions through 1.4.0. Root cause is improper input neutralization during web page generation. Impact is not quantified beyond Reflected XSS; CVSS 3.1 base score 7.1 (HIGH) with netw...

CVSS 7.1 | AI score 5.4 | EPSS 0.00237
Exploits: 0 | References: 1

Cvelist | added 2026/01/22 4:52 p.m. | 16 views

CVE-2025-68008 WordPress WP Mail plugin <= 1.3 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in mndpsingh287 WP Mail wp-mail allows Reflected XSS. This issue affects WP Mail: from n/a through <= 1.3...

CVSS 7.1 | EPSS 0.0023
Exploits: 0 | References: 1

Vulnrichment | added 2026/01/22 4:51 p.m. | 2 views

CVE-2025-67964 WordPress Homey Core plugin <= 2.4.3 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in favethemes Homey Core homey-core allows Reflected XSS. This issue affects Homey Core: from n/a through <= 2.4.3...

AI score 5.9 | EPSS 0.00256
Exploits: 0 | References: 1

ATTACKERKB | added 2026/01/22 4:51 p.m. | 3 views

CVE-2025-53240

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in adamlabs WordPress Photo Gallery photo-gallery-portfolio allows Reflected XSS. This issue affects WordPress Photo Gallery: from n/a through <= 1.1.0...

CVSS 6.1 | AI score 5.3 | EPSS 0.00263
Exploits: 0 | References: 2

Cvelist | added 2026/01/22 4:51 p.m. | 18 views

CVE-2025-52762 WordPress flexo-posts-manager Plugin <= 1.0001 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in flexostudio flexo-posts-manager flexo-posts-manager allows Reflected XSS. This issue affects flexo-posts-manager: from n/a through <= 1.0001...

CVSS 7.1 | EPSS 0.00263
Exploits: 0 | References: 1

OSV | added 2026/01/22 12:15 p.m. | 1 view

CVE-2025-67683

Quick.Cart is vulnerable to reflected XSS via the sSort parameter. An attacker can craft a malicious URL which, when opened, results in arbitrary JavaScript execution in the victim’s browser. The vendor was notified early about this vulnerability, but didn't respond with the details of...

CVSS 6.1 | AI score 6 | EPSS 0.00253
Exploits: 0 | References: 2

Positive Technologies | added 2026/01/22 12:00 a.m. | 2 views

PT-2026-3982

Name of the Vulnerable Software and Affected Versions: Jthemes xSmart versions through 1.2.9.4. Description: A flaw exists in Jthemes xSmart that allows for Reflected Cross-Site Scripting (XSS). This issue arises from improper handling of user-supplied input during web page generation. The vulnerabili...

AI score 5.3 | EPSS 0.0023
Exploits: 0 | References: 3

Positive Technologies | added 2026/01/22 12:00 a.m. | 5 views

PT-2026-4088

Name of the Vulnerable Software and Affected Versions: Casey Bisson wpCAS versions through 1.07. Description: The software contains a flaw due to improper neutralization of input during web page generation, leading to a Reflected Cross-Site Scripting (XSS) condition. This allows for the injection of...

AI score 5.2 | EPSS 0.0018
Exploits: 0 | References: 3

Positive Technologies | added 2026/01/22 12:00 a.m. | 3 views

PT-2026-3958

Name of the Vulnerable Software and Affected Versions: LambertGroup HTML5 Video Player versions through 5.3.5. Description: A Reflected Cross-site Scripting (XSS) issue exists in LambertGroup HTML5 Video Player lbg-vp2-html5-bottom due to improper neutralization of input during web page generation. Th...

AI score 5.8 | EPSS 0.0018
Exploits: 0 | References: 3

RedhatCVE | added 2026/01/21 9:26 p.m. | 6 views

CVE-2026-21664

HackerOne community member Huynh Pham Thanh Luc (nigh7c0r3) has reported a reflected XSS vulnerability in the afr.php delivery script of Revive Adserver. An attacker can craft a specific URL that includes an HTML payload in a parameter. If a logged-in administrator visits the URL, the HTML is sent ...

CVSS 6.1 | AI score 5.5 | EPSS 0.00163
Exploits: 0 | References: 1

RedhatCVE | added 2026/01/21 3:27 p.m. | 9 views

CVE-2025-58093

Multiple reflected cross-site scripting (XSS) vulnerabilities exist in the config.php functionality of MedDream PACS Premium 7.3.6.870. Specially crafted malicious URLs can lead to arbitrary JavaScript code execution. An attacker can provide a crafted URL to trigger these vulnerabilities. This...

CVSS 6.1 | AI score 5.6 | EPSS 0.00229
Exploits: 1 | References: 1

RedhatCVE | added 2026/01/21 3:27 p.m. | 16 views

CVE-2025-54852

A reflected cross-site scripting (XSS) vulnerability exists in the modifyAeTitle functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary JavaScript code execution. An attacker can provide a crafted URL to trigger this vulnerability...

CVSS 6.1 | AI score 5.6 | EPSS 0.0026
Exploits: 1 | References: 1

NVD | added 2026/01/20 3:17 p.m. | 4 views

CVE-2025-54778

A reflected cross-site scripting (XSS) vulnerability exists in the existingUser functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary JavaScript code execution. An attacker can provide a crafted URL to trigger this vulnerability...

CVSS 6.1 | EPSS 0.00235
Exploits: 1 | References: 2

CVE | added 2026/01/20 2:49 p.m. | 12 views

CVE-2025-53854

CVE-2025-53854 affects MedDream PACS Premium 7.3.6.870. Cisco Talos details a post-authentication, reflected XSS vulnerability in Pacs/modifyHL7Route.php where the value of the source parameter is written into HTML output without sanitization. An attacker can craft a URL to trigger arbitrary Java...

CVSS 6.1 | AI score 5.6 | EPSS 0.00286
Exploits: 1 | References: 2 | Affected Software: 1

Vulnrichment | added 2026/01/20 2:49 p.m. | 3 views

CVE-2025-58091

Multiple reflected cross-site scripting (XSS) vulnerabilities exist in the config.php functionality of MedDream PACS Premium 7.3.6.870. Specially crafted malicious URLs can lead to arbitrary JavaScript code execution. An attacker can provide a crafted URL to trigger these vulnerabilities. This...

CVSS 6.1 | AI score 5.6 | EPSS 0.00229
Exploits: 1 | References: 1

Vulnrichment | added 2026/01/20 2:49 p.m. | 4 views

CVE-2025-58088

Multiple reflected cross-site scripting (XSS) vulnerabilities exist in the config.php functionality of MedDream PACS Premium 7.3.6.870. Specially crafted malicious URLs can lead to arbitrary JavaScript code execution. An attacker can provide a crafted URL to trigger these vulnerabilities. This...

CVSS 6.1 | AI score 5.6 | EPSS 0.00229
Exploits: 1 | References: 1

Cvelist | added 2026/01/20 2:49 p.m. | 15 views

CVE-2025-58089

Multiple reflected cross-site scripting (XSS) vulnerabilities exist in the config.php functionality of MedDream PACS Premium 7.3.6.870. Specially crafted malicious URLs can lead to arbitrary JavaScript code execution. An attacker can provide a crafted URL to trigger these vulnerabilities. This...

CVSS 6.1 | EPSS 0.00229
Exploits: 1 | References: 1

ATTACKERKB | added 2026/01/20 11:33 a.m. | 5 views

CVE-2025-40644

Reflected Cross-Site Scripting (XSS) vulnerability in Riftzilla's QRGen. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL using the 'id' parameter in '/article.php'. This vulnerability can be exploited to steal sensitive user...

CVSS 5.1 | AI score 5.7 | EPSS 0.00318
Exploits: 0 | References: 2

Positive Technologies | added 2026/01/20 12:00 a.m. | 4 views

PT-2026-3661

HackerOne community member Huynh Pham Thanh Luc (nigh7c0r3) has reported a reflected XSS vulnerability in the afr.php delivery script of Revive Adserver. An attacker can craft a specific URL that includes an HTML payload in a parameter. If a logged-in administrator visits the URL, the HTML is sent ...

CVSS 6.1 | AI score 5.5 | EPSS 0.00163
Exploits: 0 | References: 2

CNNVD | added 2026/01/20 12:00 a.m. | 5 views

Revive Adserver security vulnerability

Revive Adserver is a set of open-source advertising management systems developed by the Revive Adserver team. This system provides functions such as advertising placement, ad slot management, and data statistics. There is a security vulnerability in Revive Adserver; this vulnerability stems from ...

CVSS 6.1 | AI score 6.5 | EPSS 0.00163
Exploits: 0 | References: 2