Latest CVE Feed
-
6.1
MEDIUMCVE-2022-50896
Testa 3.5.1 contains a reflected cross-site scripting vulnerability in the login.php redirect parameter that allows attackers to inject malicious scripts. Attackers can craft a specially encoded payload in the redirect parameter to execute arbitrary JavaS... Read more
Affected Products :- Published: Jan. 13, 2026
- Modified: Jan. 14, 2026
- Vuln Type: Cross-Site Scripting
-
6.1
MEDIUMCVE-2025-67263
Abacre Retail Point of Sale 14.0.0.396 is affected by a stored cross-site scripting (XSS) vulnerability in the Clients module. The application fails to properly sanitize user-supplied input stored in the Name and Surname fields. An attacker can insert mal... Read more
Affected Products :- Published: Jan. 20, 2026
- Modified: Jan. 20, 2026
- Vuln Type: Cross-Site Scripting
-
6.1
MEDIUMCVE-2019-25270
SOCA Access Control System 180612 contains a cross-site scripting vulnerability in the 'senddata' POST parameter of logged_page.php that allows attackers to inject malicious scripts. Attackers can exploit this weakness by sending crafted POST requests to ... Read more
Affected Products :- Published: Jan. 08, 2026
- Modified: Jan. 08, 2026
- Vuln Type: Cross-Site Scripting
-
6.1
MEDIUMCVE-2025-15093
A security flaw has been discovered in sunkaifei FlyCMS up to abbaa5a8daefb146ad4d61027035026b052cb414. The affected element is an unknown function of the file src/main/java/com/flycms/web/system/IndexAdminController.java of the component Admin Login. Per... Read more
Affected Products : flycms- Published: Dec. 26, 2025
- Modified: Dec. 31, 2025
- Vuln Type: Cross-Site Scripting
-
6.1
MEDIUMCVE-2025-67349
A cross-site scripting (XSS) vulnerability was identified in FluentCMS 1.2.3. After logging in as an admin and navigating to the "Add Page" function, the application fails to properly sanitize input in the <head> section, allowing remote attackers to inje... Read more
Affected Products : fluentcms- Published: Dec. 26, 2025
- Modified: Dec. 31, 2025
- Vuln Type: Cross-Site Scripting
-
6.1
MEDIUMCVE-2025-36066
IBM Sterling Connect:Express Adapter for Sterling B2B Integrator 5.2.0 5.2.0.00 through 5.2.0.12 is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary JavaScript code in the Web UI thus altering th... Read more
Affected Products : sterling_connectexpress_adapter_for_sterling_b2b_integrator_520- Published: Jan. 20, 2026
- Modified: Jan. 20, 2026
- Vuln Type: Cross-Site Scripting
-
6.1
MEDIUMCVE-2025-67025
Cross Site Scripting vulnerability in Anycomment anycomment.io 0.4.4 allows a remote attacker to execute arbitrary code via the Anycomment comment section... Read more
Affected Products :- Published: Jan. 15, 2026
- Modified: Jan. 16, 2026
- Vuln Type: Cross-Site Scripting
-
6.1
MEDIUMCVE-2026-0670
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation MediaWiki - ProofreadPage Extension allows Cross-Site Scripting (XSS).This issue affects MediaWiki - ProofreadPage Extension:... Read more
Affected Products :- Published: Jan. 07, 2026
- Modified: Jan. 08, 2026
- Vuln Type: Cross-Site Scripting
-
6.1
MEDIUMCVE-2025-15170
A security vulnerability has been detected in Advaya Softech GEMS ERP Portal up to 2.1. This affects an unknown part of the file /home.jsp?isError=true of the component Error Message Handler. The manipulation of the argument Message leads to cross site sc... Read more
Affected Products : gems_erp_portal- Published: Dec. 29, 2025
- Modified: Jan. 07, 2026
- Vuln Type: Cross-Site Scripting
-
6.1
MEDIUMCVE-2025-45286
A cross-site scripting (XSS) vulnerability in mccutchen httpbin v2.17.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.... Read more
Affected Products : go-httpbin- Published: Jan. 02, 2026
- Modified: Jan. 07, 2026
- Vuln Type: Cross-Site Scripting
-
6.1
MEDIUMCVE-2025-13958
The YaMaps for WordPress Plugin WordPress plugin before 0.6.40 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and abo... Read more
Affected Products : yamaps- Published: Dec. 29, 2025
- Modified: Dec. 29, 2025
- Vuln Type: Cross-Site Scripting
-
6.1
MEDIUMCVE-2026-22198
GestSup versions prior to 3.2.60 contain a pre-authentication stored cross-site scripting (XSS) vulnerability in the API error logging functionality. By sending an API request with a crafted X-API-KEY header value (for example, to /api/v1/ticket.php), an ... Read more
Affected Products : gestsup- Published: Jan. 09, 2026
- Modified: Jan. 14, 2026
- Vuln Type: Cross-Site Scripting
-
6.1
MEDIUMCVE-2025-25051
An attacker could decrypt sensitive data, impersonate legitimate users or devices, and potentially gain access to network resources for lateral attacks.... Read more
Affected Products :- Published: Jan. 22, 2026
- Modified: Jan. 22, 2026
- Vuln Type: Cryptography
-
6.1
MEDIUMCVE-2026-22032
Directus is a real-time API and App dashboard for managing SQL database content. Prior to version 11.14.0, an open redirect vulnerability exists in the Directus SAML authentication callback endpoint. During SAML authentication, the `RelayState` parameter ... Read more
Affected Products : directus- Published: Jan. 08, 2026
- Modified: Jan. 20, 2026
- Vuln Type: Misconfiguration
-
6.1
MEDIUMCVE-2025-13701
The Shabat Keeper plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the $_SERVER['PHP_SELF'] parameter in all versions up to, and including, 0.4.4 due to insufficient input sanitization and output escaping. This makes it possible fo... Read more
Affected Products :- Published: Jan. 09, 2026
- Modified: Jan. 13, 2026
- Vuln Type: Cross-Site Scripting
-
6.1
MEDIUMCVE-2025-13893
The Lesson Plan Book plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the `$_SERVER['PHP_SELF']` variable in all versions up to, and including, 1.3 due to insufficient input sanitization and output escaping. This makes it possible ... Read more
Affected Products :- Published: Jan. 09, 2026
- Modified: Jan. 13, 2026
- Vuln Type: Cross-Site Scripting
-
6.1
MEDIUMCVE-2021-47844
Xmind 2020 contains a cross-site scripting vulnerability that allows attackers to inject malicious payloads into mind mapping files or custom headers. Attackers can craft malicious files with embedded JavaScript that execute system commands when opened, e... Read more
Affected Products : xmind- Published: Jan. 16, 2026
- Modified: Jan. 16, 2026
- Vuln Type: Cross-Site Scripting
-
6.1
MEDIUMCVE-2026-21663
HackerOne community member Patrick Lang (7yr) has reported a reflected XSS vulnerability in the banner-acl.php script of Revive Adserver. An attacker can craft a specific URL that includes an HTML payload in a parameter. If a logged in administrator visit... Read more
Affected Products : revive_adserver- Published: Jan. 20, 2026
- Modified: Jan. 21, 2026
- Vuln Type: Cross-Site Scripting
-
6.1
MEDIUMCVE-2026-0642
A vulnerability was detected in projectworlds House Rental and Property Listing 1.0. This issue affects some unknown processing of the file /app/complaint.php. The manipulation of the argument Name results in cross site scripting. The attack may be launch... Read more
- Published: Jan. 07, 2026
- Modified: Jan. 16, 2026
- Vuln Type: Cross-Site Scripting
-
6.1
MEDIUMCVE-2021-47836
Markdown Explorer 0.1.1 contains a cross-site scripting vulnerability that allows attackers to inject malicious code through file uploads and editor inputs. Attackers can upload markdown files with embedded JavaScript payloads to execute remote commands a... Read more
Affected Products :- Published: Jan. 16, 2026
- Modified: Jan. 16, 2026
- Vuln Type: Cross-Site Scripting