OX App Suite through 7.10.4 allows XSS via the subject of a task.

OX App Suite through 7.10.4 allows XSS via an appointment in which the location contains JavaScript code.

OX App Suite through 7.10.4 allows XSS via a contact whose name contains JavaScript code.

OX App Suite through 7.10.4 allows XSS via JavaScript in a Note referenced by a mail:// URL.

OX App Suite through 7.10.4 allows XSS via an inline image with a crafted filename.

OX App Suite through 7.10.4 allows XSS via an inline binary file.

OX App Suite through 7.10.4 allows XSS via use of the conversion API for a distributedFile.

OX App Suite through 7.10.4 allows XSS via a crafted Content-Disposition header in an uploaded HTML document to an ajax/share/<share-token>?delivery=view URI.

OX App Suite through 7.10.3 allows XSS via the ajax/apps/manifests query string.

An issue was discovered in Joomla! 3.1.0 through 3.9.23. The lack of escaping of image-related parameters in multiple com_tags views cause lead to XSS attack vectors.

An issue was discovered in Joomla! 3.9.0 through 3.9.23. The lack of escaping in mod_breadcrumbs aria-label attribute allows XSS attacks.

RailsAdmin (aka rails_admin) before 1.4.3 and 2.x before 2.0.2 allows XSS via nested forms.

OpenText Carbonite Server Backup Portal before 8.8.7 allows XSS by an authenticated user via policy creation.

REDCap 10.3.4 contains a XSS vulnerability in the ToDoList function with parameter sort. The information submitted by the user is immediately returned in the response and not escaped leading to the reflected XSS vulnerability. Attackers can exploit vulnerabilities to steal login session information or borrow user rights to perform unauthorized acts.

OX App Suite through 7.10.4 allows XSS via the app loading mechanism (the PATH_INFO to the /appsuite URI).

Stored XSS was discovered in the tree mode of jsoneditor before 9.0.2 through injecting and executing JavaScript.

XSS exists in JIZHICMS 1.7.1 via index.php/Error/index?msg={XSS] to Home/c/ErrorController.php.

XSS exists in JIZHICMS 1.7.1 via index.php/Wechat/checkWeixin?signature=1&echostr={XSS] to Home/c/WechatController.php.

Reflected XSS in Quest Policy Authority 8.1.2.200 allows remote attackers to inject malicious code into the browser via a specially crafted link to the BrowseDirs.do file via the title parameter. NOTE: This vulnerability only affects products that are no longer supported by the maintainer

Reflected XSS in Quest Policy Authority 8.1.2.200 allows remote attackers to inject malicious code into the browser via a specially crafted link to the /WebCM/Applications/Reports/index.jsp file via the by parameter. NOTE: This vulnerability only affects products that are no longer supported by the maintainer