946 matches found
CVE-2020-10430
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/manage-subscribers.php by adding a question mark (?) followed by the payload...
CVE-2020-10402
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/edit-category.php by adding a question mark (?) followed by the payload...
PT-2020-12120 · Chadha · Chadha Phpkb Standard Multi-Language
Name of the Vulnerable Software and Affected Versions: Chadha PHPKB Standard Multi-Language version 9. Description: The issue concerns the handling of URIs in admin/header.php, which allows for Reflected XSS in admin/report-traffic.php. This can be achieved by adding a question mark (?) followed by...
PT-2020-12074 · Chadha · Chadha Phpkb Standard Multi-Language
Name of the Vulnerable Software and Affected Versions: Chadha PHPKB Standard Multi-Language version 9. Description: The issue concerns the handling of URIs in admin/header.php, which allows for Reflected XSS attacks. This can be exploited by injecting arbitrary web script or HTML in...
CVE-2019-19368
A Reflected Cross Site Scripting vulnerability was discovered in the Login page of Rumpus FTP Web File Manager 8.2.9.1. An attacker can exploit it by sending a crafted link to end users and can execute arbitrary JavaScript...
CVE-2019-15086
An issue was discovered in PRiSE adAS 1.7.0. The newentityID parameter is not properly escaped, leading to a reflected XSS in the error message...
CVE-2019-3638
Reflected Cross Site Scripting vulnerability in Administrators web console in McAfee Web Gateway (MWG) 7.8.x prior to 7.8.2.13 allows remote attackers to collect sensitive information or execute commands with the MWG administrator's credentials via tricking the administrator to click on a carefully...
CVE-2017-18534
The share-on-diaspora plugin before 0.7.2 for WordPress has reflected XSS in share URL parameters...
CVE-2019-12927
MailEnable Enterprise Premium 10.23 was vulnerable to stored and reflected cross-site scripting (XSS) attacks. Because the session cookie did not use the HttpOnly flag, it was possible to hijack the session cookie by exploiting this vulnerability...
PT-2019-7202 · Schneider Electric · Modicon Bmxnoe0110 +6
Name of the Vulnerable Software and Affected Versions: Schneider Electric Modicon BMXNOC0401, Schneider Electric Modicon BMXNOE0100, Schneider Electric Modicon BMXNOE0110, Schneider Electric Modicon BMXNOE0110H, Schneider Electric Modicon BMXNOR0200H, Schneider Electric Modicon BMXP342020, Schneider...
CVE-2019-3911
Reflected cross-site scripting (XSS) vulnerability in LabKey Server Community Edition before 18.3.0-61806.763 allows an unauthenticated remote attacker to inject arbitrary JavaScript via the onerror parameter in the /r2/query endpoints...
CVE-2018-16955
The login function of Oracle WebCenter Interaction Portal 10.3.3 is vulnerable to reflected cross-site scripting (XSS). The content of the inhiredirect parameter, when prefixed with the https:// scheme, is unsafely reflected in an HTML META tag in the HTTP response. NOTE: this CVE is assigned by MIT...
CVE-2018-15679
An issue was discovered in BTITeam XBTIT 2.5.4. The "keywords" parameter in the search function available at /index.php?page=forums&action=search is vulnerable to reflected cross-site scripting...
CVE-2018-14929
Matera Banco 1.0.0 is vulnerable to multiple reflected XSS, as demonstrated by the /contingency/web/index.jsp (aka home page) url parameter...
CVE-2018-11415
SAP Internet Transaction Server (ITS) 6200.X.X has Reflected Cross Site Scripting (XSS) via certain wgate URIs. NOTE: the vendor has reportedly indicated that there will not be any further releases of this product...
PHP ext/phar/phar_object.c file suffers from a reflected cross-site scripting vulnerability
PHP (PHP: Hypertext Preprocessor) is an open source general-purpose computer scripting language maintained by the PHP Group and the open source community. The language supports multiple syntaxes, multiple databases and operating systems, and supports C and C++ for program extensions and so on. A...
WordPress plugin "PixelYourSite" vulnerable to cross-site scripting
Overview: The WordPress plugin "PixelYourSite" provided by Minimal Work SRL contains a reflected cross-site scripting vulnerability (CWE-79). Chris Liu reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact: An arbitra...
CVE-2018-9104
A vulnerability in the conferencing component of Mitel MiVoice Connect, versions R1707-PREM SP1 (21.84.5535.0) and earlier, and Mitel ST 14.2, versions GA27 (19.49.5200.0) and earlier, could allow an unauthenticated attacker to conduct a reflected cross-site scripting (XSS) attack due to insufficient...
CVE-2018-1347
The administrative web interface in NetIQ iManager, versions prior to 3.1, is vulnerable to reflected cross site scripting...
CVE-2017-14801
Reflected XSS in the NetIQ Access Manager before 4.3.3 allowed attackers to reflect back XSS into the called page using the url parameter...