946 matches found

OSV
added 2024/01/11 9:15 a.m. · 1 view

CVE-2023-6882

The Simple Membership plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘environmentmode’ parameter in all versions up to, and including, 4.3.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

CVSS 6.1 · AI score 7.4 · EPSS 0.00377
Exploits 0 · References 2

OSV
added 2024/01/11 9:15 a.m. · 2 views

CVE-2023-6632

The Happy Addons for Elementor plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via DOM in all versions up to and including 3.9.1.1 (versions up to 2.9.1.1 in Happy Addons for Elementor Pro) due to insufficient input sanitization and output escaping. This makes it possible for...

CVSS 6.1 · AI score 7.4 · EPSS 0.00544
Exploits 0 · References 3

OSV
added 2024/01/08 7:15 p.m. · 2 views

CVE-2023-6555

The Email Subscription Popup WordPress plugin before 1.2.20 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

CVSS 6.1 · AI score 5.8 · EPSS 0.00442
Exploits 2 · References 1

OSV
added 2024/01/08 7:15 p.m. · 4 views

CVE-2023-6161

The WP Crowdfunding WordPress plugin before 2.1.9 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

CVSS 6.1 · AI score 6.3 · EPSS 0.0042
Exploits 2 · References 1

ATTACKERKB
added 2023/12/25 6:15 a.m. · 5 views

CVE-2022-43675

An issue was discovered in NOKIA NFM-T R19.9. Reflected XSS in the Network Element Manager exists via /oms1350/pages/otn/cpbLogDisplay via the filename parameter, under /oms1350/pages/otn/connection/E2ERoutingDisplayWithOverLay via the id parameter, and under /oms1350/pages/otn/mainOtn via all...

CVSS 6.1 · AI score 5.8 · EPSS 0.0037
Exploits 1 · References 2

OSV
added 2023/12/21 2:15 p.m. · 2 views

CVE-2023-6122

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in İstanbul Soft Informatics and Consultancy Limited Company Softomi Gelişmiş C2C Pazaryeri Yazılımı allows Reflected XSS. This issue affects Softomi Gelişmiş C2C Pazaryeri Yazılımı: before 12122023...

CVSS 6.1 · AI score 5.8 · EPSS 0.00414
Exploits 0 · References 1

OSV
added 2023/12/15 11:15 a.m. · 2 views

CVE-2023-48455

Adobe Experience Manager versions 6.5.18 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the...

CVSS 5.4 · AI score 5.7 · EPSS 0.00597
Exploits 0 · References 1

OSV
added 2023/12/15 11:15 a.m. · 2 views

CVE-2023-48443

Adobe Experience Manager versions 6.5.18 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the...

CVSS 5.4 · AI score 5.7 · EPSS 0.00562
Exploits 0 · References 1

Positive Technologies
added 2023/12/12 12:00 a.m. · 3 views

PT-2023-30510 · Relyum · Rely-Rec +1

Name of the Vulnerable Software and Affected Versions: RELY-PCIe version 22.2.1, RELY-REC version 23.1.0. Description: An issue was discovered in the Relyum devices, where the web interfaces are susceptible to reflected XSS. Recommendations: For RELY-PCIe version 22.2.1, consider disabling access t...

CVSS 6.1 · AI score 6.2 · EPSS 0.00406
Exploits 0 · References 5

ATTACKERKB
added 2023/12/10 7:15 p.m. · 2 views

CVE-2022-48614

Special:Ask in Semantic MediaWiki before 4.0.2 allows Reflected XSS...

CVSS 6.1 · AI score 6.1 · EPSS 0.00422
Exploits 0 · References 3

OSV
added 2023/12/04 10:15 p.m. · 2 views

CVE-2023-5210

The AMP+ Plus WordPress plugin through 3.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

CVSS 6.1 · AI score 7.3 · EPSS 0.00412
Exploits 1 · References 1

OSV
added 2023/12/04 10:15 p.m. · 2 views

CVE-2023-5141

The BSK Contact Form 7 Blacklist WordPress plugin through 1.0.1 does not sanitise and escape the insertedcount parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

CVSS 6.1 · AI score 7.3 · EPSS 0.00444
Exploits 2 · References 1

BDU FSTEC
added 2023/11/15 12:00 a.m. · 4 views

The vulnerability of NagiosXI software, related to the lack of measures taken to protect the website structure, allows attackers to execute XSS-type attacks.

The vulnerability of NagiosXI software is related to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to carry out a type of attack known as reflected XSS...

CVSS 9 · AI score 5.4
Exploits 0 · References 1 · Affected Software 1

OSV
added 2023/10/31 2:15 p.m. · 1 view

CVE-2023-5211

The Fattura24 WordPress plugin before 6.2.8 does not sanitize or escape the 'id' parameter before outputting it back in the page, leading to a reflected Cross-Site Scripting vulnerability...

CVSS 6.1 · AI score 7.3
Exploits 0 · References 1

OSV
added 2023/10/31 2:15 p.m. · 3 views

CVE-2023-4250

The EventPrime WordPress plugin before 3.2.0 does not sanitise and escape some parameters before outputting them back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

CVSS 6.1 · AI score 5.8 · EPSS 0.0042
Exploits 2 · References 1

Positive Technologies
added 2023/10/20 12:00 a.m. · 2 views

PT-2023-27038 · WordPress · Winters Theme

Name of the Vulnerable Software and Affected Versions: Winters theme for WordPress versions up to, and including, 1.4.3. Description: The issue is related to Reflected Cross-Site Scripting via prototype pollution due to insufficient input sanitization and output escaping. This allows unauthenticat...

CVSS 6.1 · AI score 6.6 · EPSS 0.00386
Exploits 0 · References 5

OSV
added 2023/10/02 10:15 a.m. · 1 view

CVE-2023-44245

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Leap Contractor Contact Form Website to Workflow Tool plugin <= 4.0.0 versions...

CVSS 6.1 · AI score 7.3 · EPSS 0.00351
Exploits 0 · References 1

OSV
added 2023/09/29 2:15 p.m. · 1 view

CVE-2023-41691

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Pensopay WooCommerce PensoPay plugin <= 6.3.1 versions...

CVSS 6.1 · AI score 5.8 · EPSS 0.00324
Exploits 0 · References 1

OSV
added 2023/09/27 3:19 p.m. · 1 view

CVE-2023-41236

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Happy addons Happy Elementor Addons Pro plugin <= 2.8.0 versions...

CVSS 6.1 · AI score 7.3 · EPSS 0.00351
Exploits 0 · References 1

OSV
added 2023/09/25 8:15 p.m. · 5 views

CVE-2022-4137

A reflected cross-site scripting (XSS) vulnerability was found in the 'oob' OAuth endpoint due to incorrect null-byte handling. This issue allows a malicious link to insert an arbitrary URI into a Keycloak error page. This flaw requires a user or administrator to interact with a link in order to be...

CVSS 6.1 · AI score 6.3 · EPSS 0.01149
Exploits 0 · References 6