Latest CVE Feed
-
6.1
MEDIUMCVE-2019-25407
Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by submitting crafted input to the backup schedule interface. Attackers can send POST requests to the backupschedule endpo... Read more
Affected Products : dome_firewall- Published: Feb. 19, 2026
- Modified: Feb. 20, 2026
- Vuln Type: Cross-Site Scripting
-
6.1
MEDIUMCVE-2026-25516
NiceGUI is a Python-based UI framework. The ui.markdown() component uses the markdown2 library to convert markdown content to HTML, which is then rendered via innerHTML. By default, markdown2 allows raw HTML to pass through unchanged. This means that if a... Read more
Affected Products : nicegui- Published: Feb. 06, 2026
- Modified: Feb. 20, 2026
- Vuln Type: Cross-Site Scripting
-
6.1
MEDIUMCVE-2019-25408
Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by submitting crafted input to the netmask_addr parameter. Attackers can send POST requests to the netwizard2 endpoint wit... Read more
Affected Products : dome_firewall- Published: Feb. 19, 2026
- Modified: Feb. 20, 2026
- Vuln Type: Cross-Site Scripting
-
6.1
MEDIUMCVE-2025-14063
The SEO Links Interlinking plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'google_error' parameter in all versions up to, and including, 1.7.5 due to insufficient input sanitization and output escaping. This makes it possible... Read more
Affected Products :- Published: Jan. 28, 2026
- Modified: Jan. 29, 2026
- Vuln Type: Cross-Site Scripting
-
6.1
MEDIUMCVE-2026-0862
The Save as PDF Plugin by PDFCrowd plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘options’ parameter in all versions up to, and including, 4.5.5 due to insufficient input sanitization and output escaping. This makes it possi... Read more
Affected Products : save_as_pdf- Published: Jan. 24, 2026
- Modified: Jan. 26, 2026
- Vuln Type: Cross-Site Scripting
-
6.1
MEDIUMCVE-2026-27506
SVXportal version 2.5 and prior contain a stored cross-site scripting vulnerability in the user profile update workflow (user_settings.php submitting to admin/update_user.php). Authenticated users can store malicious HTML/JavaScript in fields such as Firs... Read more
Affected Products :- Published: Feb. 20, 2026
- Modified: Feb. 20, 2026
- Vuln Type: Cross-Site Scripting
-
6.1
MEDIUMCVE-2020-37044
OpenCTI 3.3.1 is vulnerable to a reflected cross-site scripting (XSS) attack via the /graphql endpoint. An attacker can inject arbitrary JavaScript code by sending a crafted GET request with a malicious payload in the query string, leading to execution of... Read more
Affected Products : opencti- Published: Jan. 30, 2026
- Modified: Feb. 13, 2026
- Vuln Type: Cross-Site Scripting
-
6.1
MEDIUMCVE-2019-25428
Comodo Dome Firewall 2.7.0 contains multiple reflected cross-site scripting vulnerabilities in the openvpn_users endpoint that allow attackers to inject malicious scripts through POST parameters. Attackers can submit crafted POST requests with script payl... Read more
Affected Products : dome_firewall- Published: Feb. 19, 2026
- Modified: Feb. 20, 2026
- Vuln Type: Cross-Site Scripting
-
6.1
MEDIUMCVE-2019-25421
Comodo Dome Firewall 2.7.0 contains multiple cross-site scripting vulnerabilities that allow attackers to inject malicious scripts through the policyfw endpoint. Attackers can submit POST requests with JavaScript payloads in the mac, target, and remark pa... Read more
Affected Products : dome_firewall- Published: Feb. 19, 2026
- Modified: Feb. 20, 2026
- Vuln Type: Cross-Site Scripting
-
6.1
MEDIUMCVE-2019-25420
Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by submitting crafted input to the snat endpoint. Attackers can send POST requests with JavaScript payloads in the port or... Read more
Affected Products : dome_firewall- Published: Feb. 19, 2026
- Modified: Feb. 20, 2026
- Vuln Type: Cross-Site Scripting
-
6.1
MEDIUMCVE-2019-25416
Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by submitting crafted input through the device parameter. Attackers can send POST requests to the QoS devices management e... Read more
Affected Products : dome_firewall- Published: Feb. 19, 2026
- Modified: Feb. 20, 2026
- Vuln Type: Cross-Site Scripting
-
6.1
MEDIUMCVE-2019-25414
Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating the ID parameter. Attackers can craft requests to the /manage/ips/appid/ endpoint with scr... Read more
Affected Products : dome_firewall- Published: Feb. 19, 2026
- Modified: Feb. 20, 2026
- Vuln Type: Cross-Site Scripting
-
6.1
MEDIUMCVE-2019-25402
Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by submitting crafted input to the username parameter. Attackers can send POST requests to the login endpo... Read more
Affected Products : dome_firewall- Published: Feb. 19, 2026
- Modified: Feb. 20, 2026
- Vuln Type: Cross-Site Scripting
-
6.1
MEDIUMCVE-2025-12451
The Easy SVG Support plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG file uploads in all versions up to, and including, 4.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated atta... Read more
Affected Products : easy_svg_support- Published: Feb. 19, 2026
- Modified: Feb. 19, 2026
- Vuln Type: Cross-Site Scripting
-
6.1
MEDIUMCVE-2025-69316
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in RealMag777 TableOn posts-table-filterable allows Reflected XSS.This issue affects TableOn: from n/a through <= 1.0.4.2.... Read more
Affected Products : tableon_-_wordpress_posts_table_filterable- Published: Jan. 22, 2026
- Modified: Jan. 26, 2026
- Vuln Type: Cross-Site Scripting
-
6.1
MEDIUMCVE-2025-11706
The Aruba HiSpeed Cache plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the dbstatus parameter in all versions up to, and including, 3.0.2 due to insufficient input sanitization and output escaping. This makes it possible for unau... Read more
Affected Products :- Published: Feb. 19, 2026
- Modified: Feb. 19, 2026
- Vuln Type: Cross-Site Scripting
-
6.1
MEDIUMCVE-2026-27504
SVXportal version 2.5 and prior contain a reflected cross-site scripting vulnerability in radiomobile_front.php via the stationid query parameter. When an authenticated administrator views a crafted URL, the application embeds the unsanitized parameter va... Read more
Affected Products :- Published: Feb. 20, 2026
- Modified: Feb. 20, 2026
- Vuln Type: Cross-Site Scripting
-
6.1
MEDIUMCVE-2026-0788
ALGO 8180 IP Audio Alerter Web UI Persistent Cross-Site Scripting Vulnerability. This vulnerability allows remote attackers to execute web requests with a target user's privileges on affected installations of ALGO 8180 IP Audio Alerter devices. Authentica... Read more
- Published: Jan. 23, 2026
- Modified: Feb. 13, 2026
- Vuln Type: Cross-Site Scripting
-
6.1
MEDIUMCVE-2025-47600
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in xtemos WoodMart woodmart allows Code Injection.This issue affects WoodMart: from n/a through <= 8.3.7.... Read more
Affected Products : woodmart- Published: Jan. 22, 2026
- Modified: Jan. 26, 2026
- Vuln Type: Cross-Site Scripting
-
6.1
MEDIUMCVE-2025-48094
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup Magic Slider magic_slider allows Reflected XSS.This issue affects Magic Slider: from n/a through <= 2.2.... Read more
Affected Products :- Published: Jan. 22, 2026
- Modified: Jan. 26, 2026
- Vuln Type: Cross-Site Scripting