CVE-2025-27004

CVE-2025-27004 concerns a Reflected Cross-Site Scripting (XSS) vulnerability in the WordPress plugin Famous - Responsive Image And Video Grid Gallery by LambertGroup. According to the CVE data and Wordfence report, the issue arises from improper neutralization of input during web page generation,...

WordPress plugin Visitor Stats Widget 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...

CVE-2019-25284 V-SOL GPON/EPON OLT Platform V2.03.62R_IPv6 v2.03 Reflected Cross-Site Scripting Vulnerability

V-SOL GPON/EPON OLT Platform v2.03 contains multiple reflected cross-site scripting vulnerabilities due to improper input sanitization in various script parameters. Attackers can exploit these vulnerabilities by injecting malicious HTML and script code to execute arbitrary scripts in a victim's...

CVE-2019-25277 FaceSentry Access Control System 6.4.8 Reflected Cross-Site Scripting via pluginInstall.php

FaceSentry Access Control System 6.4.8 contains a cross-site scripting vulnerability in the 'msg' parameter of pluginInstall.php that allows attackers to inject malicious scripts. Attackers can exploit the unvalidated input to execute arbitrary JavaScript in victim browsers, potentially stealing...

CVE-2026-21855 Tarkov Data Manager has Unauthenticated Reflected XSS

The Tarkov Data Manager is a tool to manage the Tarkov item data. Prior to 02 January 2025, a reflected Cross Site Scripting XSS vulnerability in the toast notification system allows any attacker to execute arbitrary JavaScript in the context of a victim's browser session by crafting a malicious...

CVE-2025-46494

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Themesgrove WidgetKit Pro allows Reflected XSS.This issue affects WidgetKit Pro: from n/a through 1.13.1...

PT-2026-1643

Name of the Vulnerable Software and Affected Versions Digital zoom studio DZS Video Gallery versions through 12.25 Description The software contains a flaw related to improper input handling during web page generation, leading to a Reflected Cross-site Scripting XSS condition. This allows for the...

CVE-2025-13456

The ShopBuilder WordPress plugin before 3.2.2 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

EUVD-2026-0035

Duplicate Advisory: Reflected XSS in go-httpbin due to unrestricted client control over Content-Type...

CVE-2025-13456

The ShopBuilder WordPress plugin before 3.2.2 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

CVE-2025-13456 Shopbuilder < 3.2.2 - Reflected XSS

The ShopBuilder WordPress plugin before 3.2.2 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

CVE-2025-67711 Reflected XSS vulnerability in ArcGIS Server.

There is a stored cross site scripting issue in Esri ArcGIS Server 11.4 and earlier on Windows and Linux that in some configurations allows a remote unauthenticated attacker to store files that contain malicious code that may execute in the context of a victim’s browser...

CVE-2025-67708 Reflected cross-site scripting (XSS) vulnerability in ArcGIS Server.

There is a stored cross site scripting issue in Esri ArcGIS Server 11.4 and earlier on Windows and Linux that in some configurations allows a remote unauthenticated attacker to store files that contain malicious code that may execute in the context of a victim’s browser...

EUVD-2025-206072

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ZoomSounds allows Reflected XSS.This issue affects ZoomSounds: from n/a through 6.91...

EUVD-2025-206061

Cross-Site Request Forgery CSRF vulnerability in Themefy Bloggie allows Reflected XSS.This issue affects Bloggie: from n/a through 2.0.8...

CVE-2025-52739

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in uxper Sala allows Reflected XSS.This issue affects Sala: from n/a through 1.1.3...

CVE-2025-23707 WordPress En Masse plugin <= 1.0 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Matamko En Masse en-masse-wp allows Reflected XSS.This issue affects En Masse: from n/a through = 1.0...

CVE-2025-23707 WordPress En Masse plugin <= 1.0 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Matamko En Masse allows Reflected XSS.This issue affects En Masse: from n/a through 1.0...

CVE-2025-23667

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Christopher Churchill custom-post-edit front-end-post-edit allows Reflected XSS.This issue affects custom-post-edit: from n/a through = 1.0.4...

CVE-2021-47743

The CVE-2021-47743 entry concerns COMMAX Biometric Access Control System 1.0.0 with an unauthenticated reflected XSS in cookie parameters CMX_ADMIN_NM and CMX_COMPLEX_NM. The vulnerability allows injection of HTML/JavaScript to run in a victim’s browser session. Documents do not specify affected ...