Lucene search
K

7 matches found

Nuclei
Nuclei
added yesterday31 views

Newsletter < 7.4.5 - Cross-Site Scripting

The Newsletter WordPress plugin before 7.4.5 does not sanitize and escape the $SERVER'REQUESTURI' before echoing it back in admin pages. Although this uses addslashes, and most modern browsers automatically URLEncode requests, this is still vulnerable to Reflected XSS in older browsers such as...

6.1CVSS6.4AI score0.01785EPSS
Exploits2References4
Positive Technologies
Positive Technologies
added 2025/12/09 12:0 a.m.4 views

PT-2025-50138

Name of the Vulnerable Software and Affected Versions MailEnable versions prior to 10.54 Description MailEnable versions prior to 10.54 contain a reflected cross-site scripting XSS issue in the AddressesCc parameter of the ''/Mondo/lang/sys/Forms/AddressBook.aspx'' endpoint. The AddressesCc value...

6.1CVSS5.7AI score0.00324EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2025-27274

Malicious code in bioql PyPI...

6.1CVSS6.5AI score0.00213EPSS
Exploits1References1
NVD
NVD
added 2024/02/01 10:15 a.m.15 views

CVE-2024-21750

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Scribit Shortcodes Finder allows Reflected XSS.This issue affects Shortcodes Finder: from n/a through 1.5.5...

7.1CVSS6.9AI score0.00393EPSS
Exploits0References1
Hacker One
Hacker One
added 2022/01/19 5:21 p.m.53 views

VK.com: Reflected Xss On https://vk.com/search

XSS in Search...

6.3AI score
Exploits0
Cvelist
Cvelist
added 2020/06/07 1:18 a.m.17 views

CVE-2020-13897

HESK before 3.1.10 allows reflected XSS...

6.4AI score0.00641EPSS
Exploits0References1
Cvelist
Cvelist
added 2017/03/11 6:46 a.m.20 views

CVE-2017-6809

paintballrefjosh/MaNGOSWebV4 4.0.8 is vulnerable to a reflected XSS in inc/admin/templatefiles/admin.donate.php id parameter...

6AI score0.00637EPSS
Exploits0References2
Rows per page
Query Builder