CVE-2025-27273

MEDIUM Year: 2025
CVSS v3 Score
5.8
Medium
Weakness Type
CWE-79
View all →

Vulnerability Description

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in winking Affiliate Links Manager allows Reflected XSS. This issue affects Affiliate Links Manager: from n/a through 1.0.

Related Vulnerabilities

CVE-2019-11507

MEDIUM
CVSS:5.8(Medium)

In Pulse Secure Pulse Connect Secure (PCS) 8.3.x before 8.3R7.1 and 9.0.x before 9.0R3, an XSS issue has been found on the Application Launcher page.

CWE-792019

CVE-2020-9405

MEDIUM
CVSS:5.8(Medium)

IBL Online Weather before 4.3.5a allows unauthenticated reflected XSS via the redirect page.

CWE-792020

CVE-2022-3211

MEDIUM
CVSS:5.8(Medium)

Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.6.

CWE-792022

CVE-2023-0337

MEDIUM
CVSS:5.8(Medium)

Cross-site Scripting (XSS) - Reflected in GitHub repository lirantal/daloradius prior to master-branch.

CWE-792023

CVE-2023-0338

MEDIUM
CVSS:5.8(Medium)

Cross-site Scripting (XSS) - Reflected in GitHub repository lirantal/daloradius prior to master-branch.

CWE-792023

CVE-2023-2021

MEDIUM
CVSS:5.8(Medium)

Cross-site Scripting (XSS) - Stored in GitHub repository nilsteampassnet/teampass prior to 3.0.3.

CWE-792023