ahu.mlsp.government.bg Cross Site Scripting
ahu.mlsp.government.bg suffers from a cross site scripting issue. The researcher has waited over a year after reporting this to make public, so hopefully this will encourage them to fix it. Titles: ahu.mlsp.government.bg-XSS-Reflected-CRITICAL Cross-site scripting reflected Author: nu11secur1ty...
CVE-2026-23722 WeGIA has a Reflected Cross-Site Scripting (XSS) vulnerability allowing arbitrary code execution and UI redressing.
WeGIA is a Web Manager for Charitable Institutions. Prior to 3.6.2, a Reflected Cross-Site Scripting (XSS) vulnerability was discovered in the WeGIA system, specifically within the html/memorando/inseredespacho.php file. The application fails to properly sanitize or encode user-supplied input via t...
WordPress bidorbuy Store Integrator plugin <= 2.12.0 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting (XSS) vulnerability discovered by Skalucy in WordPress Plugin bidorbuy Store Integrator versions <= 2.12.0...
CVE-2025-71166
Typesetter CMS versions up to and including 5.1 contain a reflected cross-site scripting (XSS) vulnerability in the administrative interface within the Tools Status move message handling. The path parameter is reflected into the HTML output without proper output encoding in...
WordPress List Site Contributors plugin <= 1.1.8 - Reflected Cross-Site Scripting via alpha vulnerability
Reflected Cross-Site Scripting via alpha vulnerability discovered by 0x34rth in WordPress Plugin List Site Contributors versions <= 1.1.8...
CVE-2026-0499
SAP NetWeaver Enterprise Portal allows an unauthenticated attacker to inject malicious scripts into a URL parameter. The scripts are reflected in the server response and executed in a user's browser when the crafted URL is visited, leading to theft of session information, manipulation of portal...
CVE-2025-9427
The CVE-2025-9427 entry describes an XSS vulnerability in the Lemonsoft WordPress add-on, caused by improper neutralization of input during web page generation. Affected component: Lemonsoft WordPress add-on (version 2025.7.1). Impact is cross-site scripting with potential confidentiality, integr...
CVE-2025-69268
CVE-2025-69268 affects Broadcom DX NetOps Spectrum versions 24.3.8 and earlier. The root cause is improper neutralization of input during web page generation, leading to a reflected XSS vulnerability. Affected platforms include Windows and Linux. The vulnerability information is confirmed by mult...
CVE-2022-0212
The SpiderCalendar WordPress plugin through 1.5.65 does not sanitise and escape the callback parameter before outputting it back in the page via the window AJAX action available to both unauthenticated and authenticated users, leading to a Reflected Cross-Site Scripting issue...
CVE-2022-0879
The Caldera Forms WordPress plugin before 1.9.7 does not validate and escape the cf-api parameter before outputting it back in the response, leading to a Reflected Cross-Site Scripting...
CVE-2022-0150
The WP Accessibility Helper (WAH) WordPress plugin before 0.6.0.7 does not sanitise and escape the wahi parameter before outputting back its base64 decode value in the page, leading to a Reflected Cross-Site Scripting issue...
CVE-2023-4017
The Goya theme for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'attra-color', 'attra-size', and 'product-cata' parameters in versions up to, and including, 1.0.8.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attacker...
CVE-2026-22256
CVE-2026-22256 (Salvo): A reflected XSS vulnerability exists in Salvo before version 0.88.1, arising from the list_html function in the directory listing view. The code inserts the rendered current.path into an HTML title (and page content) without proper sanitization, while the request path is ...
CVE-2025-68890
CVE-2025-68890 is a DOM-based XSS in the hands01 e-shops e-shops-cart2 plugin (WordPress) caused by improper input neutralization during web-page generation, affecting versions from n/a through
CVE-2025-68889 WordPress Pinpoll plugin <= 4.0.0 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pinpoll Pinpoll pinpoll allows Reflected XSS. This issue affects Pinpoll: from n/a through <= 4.0.0...
CVE-2025-67930
CVE-2025-67930: Reflected Cross-Site Scripting in the WordPress plugin eHive Search (formerly ehive-search) for versions
CVE-2025-67922 WordPress Grand Restaurant theme < 7.0.9 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeGoods Grand Restaurant grandrestaurant allows Reflected XSS. This issue affects Grand Restaurant: from n/a through < 7.0.9...
CVE-2025-67918 WordPress Woffice theme <= 5.4.30 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WofficeIO Woffice woffice allows Reflected XSS. This issue affects Woffice: from n/a through <= 5.4.30...
CVE-2025-27004
CVE-2025-27004 concerns a Reflected Cross-Site Scripting (XSS) vulnerability in the WordPress plugin Famous - Responsive Image And Video Grid Gallery by LambertGroup. According to the CVE data and Wordfence report, the issue arises from improper neutralization of input during web page generation,...
WordPress plugin Visitor Stats Widget security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A security vulnerabili...