953 matches found

Tenable Nessus
added 2025/12/04 12:0 a.m., 5 views

GFI KerioControl < 9.4.5 HTTP Response Splitting

GFI KerioControl versions prior to 9.4.5 are affected by an HTTP Response Splitting vulnerability. Because a GET parameter used to generate the Location HTTP header in a 302 HTTP response is not properly sanitized, an attacker can exploit this vulnerability to perform an Open Redirect or HTTP Response...

8.8 CVSS, 6.3 AI score, 0.29116 EPSS
Exploits 1, References 2

Exploit DB
added 2025/12/03 12:0 a.m., 166 views

MaNGOSWebV4 4.0.6 - Reflected XSS

Exploit Title: MaNGOSWebV4 4.0.6 - Reflected XSS; Date: 2024-10-26; Exploit Author: CodeSecLab; Vendor Homepage: https://github.com/paintballrefjosh/MaNGOSWebV4; Software Link: https://github.com/paintballrefjosh/MaNGOSWebV4; Version: 4.0.6; Tested on: Ubuntu Windows; CVE: CVE-2017-6478; PoC: // Access...

6.1 CVSS, 7 AI score, 0.02574 EPSS
Exploits 6

CVE
added 2025/11/27 5:31 a.m., 19 views

CVE-2025-13525

CVE-2025-13525 concerns the WordPress plugin WP Directory Kit. The connected documents confirm a Reflected Cross-Site Scripting vulnerability via the order_by parameter in all versions up to and including 1.4.5, caused by insufficient input sanitization and output escaping. The exposure can enabl...

6.1 CVSS, 5.3 AI score, 0.00219 EPSS
Exploits 0, References 5

VulnCheck KEV
added 2025/11/27 12:0 a.m., 6 views

VulnCheck KEV: CVE-2025-6174

The Qwizcards | online quizzes and flashcards WordPress plugin through 3.9.4 does not sanitise and escape the "stylesheet" parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin or any other user...

6.1 CVSS, 5.8 AI score, 0.0046 EPSS
In wild, Exploits 0, References 2

EUVD
added 2025/11/26 6:31 p.m., 3 views

EUVD-2025-199738

Zenitel TCIV-3+ is vulnerable to a reflected cross-site scripting vulnerability, which could allow a remote attacker to execute arbitrary JavaScript on the victim's browser...

9.8 CVSS, 6.2 AI score, 0.00865 EPSS
Exploits 0, References 4

Vulnrichment
added 2025/11/25 9:52 p.m., 5 views

CVE-2025-21621 GeoServer Reflected Cross-Site Scripting (XSS) vulnerability in WMS GetFeatureInfo HTML format

GeoServer is an open source server that allows users to share and edit geospatial data. Prior to version 2.25.0, a reflected cross-site scripting (XSS) vulnerability exists in the WMS GetFeatureInfo HTML output format that enables a remote attacker to execute arbitrary JavaScript code in a victim's...

6.1 CVSS, 5.7 AI score, 0.00252 EPSS
Exploits 0, References 4

CVE
added 2025/11/25 3:25 p.m., 11 views

CVE-2025-0248

CVE-2025-0248 concerns HCL iNotes and is described across Red Hat, ENISA EUVD, NVD, and CVE lists as a Reflected Cross-site Scripting (XSS) vulnerability due to improper validation of user-supplied input. The attack requires no authentication and can be triggered by a specially crafted URL, enabl...

8.1 CVSS, 6.1 AI score, 0.00314 EPSS
Exploits 0, References 1

RedhatCVE
added 2025/11/25 6:2 a.m., 12 views

CVE-2025-12629

The Broken Link Manager WordPress plugin through 0.6.5 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

7.1 CVSS, 6.1 AI score, 0.00147 EPSS
Exploits 0, References 1

OSV
added 2025/11/24 4:15 p.m., 3 views

CVE-2025-60917

A reflected cross-site scripting (XSS) vulnerability in the /overview/network/ endpoint of Austrian Archaeological Institute Openatlas before v8.12.0 allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted payload into the color parameter...

4.6 CVSS, 6.1 AI score
Exploits 0, References 2

NVD
added 2025/11/24 6:15 a.m., 5 views

CVE-2024-14015

The WordPress eCommerce Plugin WordPress plugin through 2.9.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

7.1 CVSS, 0.00368 EPSS
Exploits 0, References 1

Cvelist
added 2025/11/24 6:0 a.m., 9 views

CVE-2024-14015 Studiocart <= 2.9.0 - Reflected XSS

The WordPress eCommerce Plugin WordPress plugin through 2.9.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

0.00368 EPSS
Exploits 0, References 1

EUVD
added 2025/11/24 3:9 a.m., 3 views

EUVD-2025-198606

FMS developed by Otsuka Information Technology has a Reflected Cross-site Scripting vulnerability, allowing unauthenticated remote attackers to execute arbitrary JavaScript code in a user's browser through phishing attacks...

5.1 CVSS, 6.6 AI score, 0.00386 EPSS
Exploits 0, References 3

GithubExploit
added 2025/11/23 11:40 a.m., 145 views

reflected-xss-scanner

...

7 AI score
Exploits 0

OSV
added 2025/11/21 8:15 a.m., 5 views

CVE-2025-12746

The Tainacan plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'search' parameter in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts...

6.1 CVSS, 6 AI score
Exploits 0, References 4

Vulnrichment
added 2025/11/21 7:31 a.m., 5 views

CVE-2025-12746 Tainacan <= 1.0.0 - Reflected Cross-Site Scripting

The Tainacan plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'search' parameter in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts...

6.1 CVSS, 5.3 AI score, 0.00219 EPSS
Exploits 0, References 3

Github Security Blog
added 2025/11/19 8:0 p.m., 9 views

Astro vulnerable to reflected XSS via the server islands feature

Summary: After some research it appears that it is possible to obtain a reflected XSS when the server islands feature is used in the targeted application, regardless of what was intended by the component templates. Details: Server islands run in their own isolated context outside of the page reques...

7.1 CVSS, 6.6 AI score, 0.00446 EPSS
Exploits 1, References 4, Affected Software 1

Positive Technologies
added 2025/11/19 12:0 a.m., 6 views

PT-2025-47472

A reflected cross-site scripting (XSS) vulnerability in the /ecommerce/products.php component of E-commerce Project v1.0 and earlier allows attackers to execute arbitrary JavaScript in the context of a user's browser via injecting a crafted payload into the id parameter...

6.1 CVSS, 6.6 AI score, 0.00199 EPSS
Exploits 1, References 3

Cvelist
added 2025/11/18 11:1 p.m., 10 views

CVE-2025-65013 LibreNMS vulnerable to Reflected Cross-Site Scripting (XSS) in endpoint `/maps/nodeimage` parameter `Image Name`

LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. Prior to version 25.11.0, a reflected cross-site scripting (XSS) vulnerability was identified in the LibreNMS application at the /maps/nodeimage endpoint. The Image Name parameter is reflected in the HTTP response without...

6.2 CVSS, 0.00216 EPSS
Exploits 0, References 1

CVE
added 2025/11/18 9:27 a.m., 17 views

CVE-2025-12079

CVE-2025-12079 (WP Twitter Auto Publish) is a reflected Cross-Site Scripting via PostMessage vulnerability in WordPress WP Twitter Auto Publish plugin. Affected versions are all up to and including 1.7.3, with exploitation possible by unauthenticated attackers who trick a user into performing an ...

6.1 CVSS, 6.1 AI score, 0.00212 EPSS
Exploits 0, References 3

Cvelist
added 2025/11/12 9:16 a.m., 7 views

CVE-2025-61623 Apache OFBiz: Reflected Cross-site Scripting

Reflected cross-site scripting vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.03. Users are recommended to upgrade to version 24.09.03, which fixes the issue...

0.00677 EPSS
Exploits 0, References 5