947 matches found
PT-2024-34851 · Unknown · Hanusek Impress
Name of the Vulnerable Software and Affected Versions: Hanusek imPress versions 0.1.4 and earlier Description: The issue is related to an Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting (XSS). This allows for Reflected XSS attacks. Recommendations: Fo...
PT-2024-39216 · WordPress · Wedevs Recaptcha Integration For Wordpress
Name of the Vulnerable Software and Affected Versions: ReCaptcha Integration for WordPress plugin versions 1.2.5 and earlier Description: The issue is related to Reflected Cross-Site Scripting due to the use of add_query_arg without proper escaping on the URL. This allows unauthenticated attacker...
Medium: python-twisted
Issue Overview: Twisted is an event-based framework for internet applications, supporting Python 3.6+. The twisted.web.util.redirectTo function contains an HTML injection vulnerability. If application code allows an attacker to control the redirect URL, this vulnerability may result in Reflected...
CVE-2024-9110
A medium severity vulnerability has been identified within Privileged Identity which can allow an attacker to perform reflected cross-site scripting attacks...
WordPress Events Manager Pro – extended plugin <= 0.1 - CSRF to Reflected Cross Site Scripting (XSS) vulnerability
CSRF to Reflected Cross Site Scripting (XSS) vulnerability discovered by SOPROBRO (Patchstack Alliance) in WordPress Plugin Events Manager Pro – extended versions <= 0.1...
PT-2024-39289 · WordPress · Pricing Tables Wordpress Plugin
Name of the Vulnerable Software and Affected Versions: Pricing Tables WordPress Plugin – Easy Pricing Tables plugin for WordPress versions up to, and including, 3.2.5 Description: The issue arises from the use of add_query_arg without proper escaping on the URL, leading to Reflected Cross-Site...
CVE-2024-49637
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Foxskav Bet WC 2018 Russia allows Reflected XSS. This issue affects Bet WC 2018 Russia: from n/a through 2.1...
CVE-2024-49636
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Prashant Mavinkurve Agile Video Player Lite allows Reflected XSS. This issue affects Agile Video Player Lite: from n/a through 1.0...
CVE-2024-49651
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Matt Royal WooCommerce Maintenance Mode allows Reflected XSS. This issue affects WooCommerce Maintenance Mode: from n/a through 2.0.1...
PT-2024-32698 · Wedevs · Wedevs Wp Erp
Name of the Vulnerable Software and Affected Versions: weDevs WP ERP versions 1.13.2 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting (XSS). This allows for Reflected XSS attacks. Recommendations: For...
PT-2024-33593 · Unknown · Monitor.Chat
Name of the Vulnerable Software and Affected Versions: Monitor.Chat versions n/a through 1.1.1 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting (XSS). This allows for Reflected XSS. Recommendations: For versions n/a...
CVE-2024-47801
Sharp and Toshiba Tec MFPs improperly process query parameters in HTTP requests, resulting in a reflected cross-site scripting vulnerability. Accessing a crafted URL which points to an affected product may cause a malicious script to be executed on the web browser...
PT-2024-32820 · Sharp +1 · Sharp Mfps +1
Name of the Vulnerable Software and Affected Versions: Sharp and Toshiba Tec MFPs affected versions not specified Description: The issue is related to the improper processing of query parameters in HTTP requests, resulting in a reflected cross-site scripting vulnerability. Accessing a crafted URL...
PT-2024-33375 · Unknown · Adif Log Search Widget
Name of the Vulnerable Software and Affected Versions: ADIF Log Search Widget versions 1.0f and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting (XSS). This allows Reflected XSS in the ADIF Log Search Widget...
WordPress DPD Baltic Shipping plugin <= 1.2.83 - Reflected Cross-Site Scripting vulnerability
Reflected Cross-Site Scripting vulnerability discovered by vgo0 in WordPress Plugin DPD Baltic Shipping versions <= 1.2.83...
PT-2024-33448 · Digitally · Digitally
Name of the Vulnerable Software and Affected Versions: Digitally versions 1.0.8 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting (XSS). This allows for Reflected XSS. Recommendations: For versions 1.0.8...
CVE-2017-20193
The Product Vendors is vulnerable to Reflected Cross-Site Scripting via the 'vendordescription' parameter in versions up to, and including, 2.0.35 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in...
PT-2024-39740 · WordPress · Locatoraid Store Locator
Name of the Vulnerable Software and Affected Versions: Locatoraid Store Locator plugin for WordPress versions up to, and including, 3.9.47 Description: The issue is related to Reflected Cross-Site Scripting via $_POST keys due to insufficient input sanitization and output escaping. This allows...
WordPress Tainacan plugin <= 0.21.10 - Reflected Cross-Site Scripting vulnerability
Reflected Cross-Site Scripting vulnerability discovered by Colin Xu in WordPress Plugin Tainacan versions <= 0.21.10...
CVE-2024-9435
The ShiftController Employee Shift Scheduling plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via URL keys in all versions up to, and including, 4.9.66 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...