32456 matches found

Nuclei
added 11 hours ago | 58 views

Contact Form 7 Math Captcha <= 2.0.1 - Cross-site Scripting

The Contact Form 7 Math Captcha WordPress plugin through 2.0.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users. id: CVE-2024-6517 info: name: Contact Form 7 Math Captcha <=...

CVSS 6.1 | AI score 5.9 | EPSS 0.00665
Exploits: 1 | References: 2

Nuclei
added 11 hours ago | 59 views

Yahoo User Interface library (YUI2) TreeView v2.8.2 - Cross-Site Scripting

Reflected cross-site scripting XSS exists in the TreeView of YUI2 through 2800: up.php sam.php renderhidden.php removechildren.php removeall.php readd.php overflow.php newnode2.php newnode.php. id: CVE-2022-48197 info: name: Yahoo User Interface library YUI2 TreeView v2.8.2 - Cross-Site Scripting...

CVSS 6.1 | AI score 6.3 | EPSS 0.06608
Exploits: 3 | References: 5

Nuclei
added 11 hours ago | 31 views

SolarWinds Database Performance Analyzer 11.1.457 - Cross-Site Scripting

SolarWinds Database Performance Analyzer 11.1.457 contains a reflected cross-site scripting vulnerability in its idcStateError component, where the page parameter is reflected into the HREF of the 'Try Again' Button on the page, aka a /iwc/idcStateError.iwc?page= URI. id: CVE-2018-19386 info: nam...

CVSS 6.1 | AI score 6.3 | EPSS 0.09044
Exploits: 1 | References: 5

Nuclei
added 11 hours ago | 51 views

Wordpress Multiple Themes - Reflected Cross-Site Scripting

All of the above Aapna WordPress theme through 1.3, Anand WordPress theme through 1.2, Anfaust WordPress theme through 1.1, Arendelle WordPress theme before 1.1.13, Atlast Business WordPress theme through 1.5.8.5, Bazaar Lite WordPress theme before 1.8.6, Brain Power WordPress theme through 1.2,...

CVSS 6.1 | AI score 6.9 | EPSS 0.00972
Exploits: 2 | References: 3

Nuclei
added 11 hours ago | 26 views

RiteCMS 3.0.0 - Cross-site Scripting

RiteCMS v3.0.0 contains a reflected XSS caused by unsanitized input in the mainmenu/editsection component, letting attackers execute arbitrary scripts in the context of the victim's browser. id: CVE-2024-28623 info: name: RiteCMS 3.0.0 - Cross-site Scripting author: 0xAkoko severity: medium...

CVSS 6.1 | AI score 6.1 | EPSS 0.01317
Exploits: 4 | References: 2

Nuclei
added yesterday | 18 views

Apache Tomcat Examples Web Application - Cross-Site Scripting

Apache Tomcat 8.5.50 to 8.5.81, 9.0.30 to 9.0.64, 10.0.0-M1 to 10.0.22, and 10.1.0-M1 to 10.1.0-M16 contain a reflected cross-site scripting caused by displaying unfiltered user data in the Form authentication example, letting attackers execute scripts in victim browsers, exploit requires attacke...

CVSS 6.1 | AI score 6.8 | EPSS 0.06156
Exploits: 0 | References: 4

Nuclei
added yesterday | 28 views

Popup Builder Plugin - SQL Injection and Cross-Site Scripting

The Popup Builder WordPress plugin before 4.1.1 is vulnerable to SQL Injection and Reflected XSS via the sgpb-subscription-popup-id parameter. id: CVE-2022-0479 info: name: Popup Builder Plugin - SQL Injection and Cross-Site Scripting author: ritikchaddha severity: critical description: | The Pop...

CVSS 9.8 | AI score 7.2 | EPSS 0.4408
Exploits: 2

Nuclei
added yesterday | 14 views

TileServer GL <=3.0.0 - Cross-Site Scripting

TileServer GL through 3.0.0 is vulnerable to reflected cross-site scripting via server.js because the content of the key GET parameter is reflected unsanitized in an HTTP response for the application's main page. id: CVE-2020-15500 info: name: TileServer GL <=3.0.0 - Cross-Site Scripting author:...

CVSS 6.1 | AI score 6.3 | EPSS 0.12224
Exploits: 3 | References: 5

Nuclei
added yesterday | 17 views

Sassy Social Share <= 3.3.3 - Cross-Site Scripting

The Sassy Social Share plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'urls' parameter called via the 'heateorssssharingcount' AJAX action in versions up to, and including, 3.3.3 due to insufficient input sanitization and output escaping. This makes it possible for...

CVSS 6.1 | AI score 6.1 | EPSS 0.1544
Exploits: 1 | References: 3

Nuclei
added yesterday | 232 views

PAN-OS - Reflected Cross-Site Scripting

A reflected cross-site scripting (XSS) vulnerability in the GlobalProtect™ gateway and portal features of Palo Alto Networks PAN-OS® software enables execution of malicious JavaScript in the context of an authenticated Captive Portal user's browser when they click on a specially crafted link. The...

CVSS 6.9 | AI score 6.7 | EPSS 0.43517
Exploits: 8 | References: 2

ATTACKERKB
added yesterday | 6 views

CVE-2026-4322

Improper neutralization of input during web page generation 'cross-site scripting' vulnerability in Raera - Ankara Web Design and Digital Advertising Agency Destekz allows Reflected XSS. This issue affects Destekz: through 02062026. NOTE: The vendor was contacted and it was learned that the produ...

CVSS 6.1 | AI score 5.9
Exploits: 0 | References: 2

EUVD
added yesterday | 5 views

EUVD-2026-41527

Improper neutralization of input during web page generation 'cross-site scripting' vulnerability in Raera - Ankara Web Design and Digital Advertising Agency Destekz allows Reflected XSS. This issue affects Destekz: through 02062026. NOTE: The vendor was contacted and it was learned that the produ...

CVSS 6.1 | AI score 5.9
Exploits: 0 | References: 1

ATTACKERKB
added 2 days ago | 3 views

CVE-2025-71385

Netdata before 2.3.1 reflects the user-supplied love query parameter of the api/v2/ilove.svg and api/v3/ilove.svg endpoints verbatim into the generated SVG document into a text element without HTML or XML escaping, and serves the response with Content-Type image/svg+xml. An attacker can craft a U...

CVSS 6.1 | AI score 5.7 | EPSS 0.00221
Exploits: 0 | References: 5

EUVD
added 2 days ago | 6 views

EUVD-2025-210409

Netdata before 2.3.1 reflects the user-supplied love query parameter of the api/v2/ilove.svg and api/v3/ilove.svg endpoints verbatim into the generated SVG document into a text element without HTML or XML escaping, and serves the response with Content-Type image/svg+xml. An attacker can craft a U...

CVSS 6.1 | AI score 5.7 | EPSS 0.00221
Exploits: 0 | References: 4

NVD
added 2 days ago | 4 views

CVE-2026-14449

u5CMS through v12.8.8 is vulnerable to reflected XSS via the ‘thanks’ parameter in multiple form components...

CVSS 6.4 | EPSS 0.00269
Exploits: 0 | References: 1

CVE
added 2 days ago | 8 views

CVE-2026-57678

CVE-2026-57678 concerns the WordPress Slider Revolution plugin by ThemePunch, affecting versions 7.0.0 through 7.0.16. The issue is a Reflected Cross-Site Scripting (XSS) vulnerability arising from improper neutralization of input during web page generation. The CVSSv3.1 metrics indicate a NETWOR...

CVSS 7.1 | AI score 5.8 | EPSS 0.00155
Exploits: 0 | References: 1

Cvelist
added 2 days ago | 30 views

CVE-2026-57358 WordPress Customize My Account for WooCommerce plugin <= 4.3.9 - Reflected Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting (XSS) in Customize My Account for WooCommerce <= 4.3.9 versions...

CVSS 7.1 | EPSS 0.00191
Exploits: 0 | References: 1

CVE
added 2 days ago | 7 views

CVE-2026-27430

CVE-2026-27430 affects the WordPress TheFox theme (

CVSS 7.1 | AI score 5.8 | EPSS 0.00191
Exploits: 0 | References: 1

CVE
added 2 days ago | 5 views

CVE-2026-27408

CVE-2026-27408 affects WordPress NativeChurch theme versions

CVSS 7.1 | AI score 5.8 | EPSS 0.0018
Exploits: 0 | References: 1

Nuclei
added 2 days ago | 62 views

Jenkins build-metrics 1.3 - Cross-Site Scripting

Jenkins build-metrics 1.3 is vulnerable to a reflected cross-site scripting vulnerability that allows attackers to inject arbitrary HTML and JavaScript into the web pages the plugin provides. id: CVE-2019-10475 info: name: Jenkins build-metrics 1.3 - Cross-Site Scripting author: madrobot severity...

CVSS 6.1 | AI score 6.4 | EPSS 0.57735
Exploits: 5 | References: 5