IceWarp WebMail Server 12.2.0 and 12.1.x before 12.2.1.1 (and probably earlier versions) allows XSS (issue 2 of 2) in notes for objects.

Codoforum 4.8.3 allows XSS via a post using parameters display name, title name, or content.

Codoforum 4.8.3 allows XSS in the admin dashboard via a name field of a new user, i.e., on the Manage Users screen.

In PHP Scripts Mall advanced-real-estate-script 4.0.9, the search-results.php searchtext parameter is vulnerable to XSS.

The OpenID Connect reference implementation for MITREid Connect through 1.3.3 allows XSS due to userInfoJson being included in the page unsanitized. This is related to header.tag. The issue can be exploited to execute arbitrary JavaScript.

GitLab EE 8.14 through 12.5, 12.4.3, and 12.3.6 allows XSS in group and profile fields.

Versions of Katello as shipped with Red Hat Subscription Asset Manager 1.4 are vulnerable to a XSS via HTML in the systems name when registering.

In Support Incident Tracker (SiT!) 3.67, the id parameter is affected by XSS on all endpoints that use this parameter, a related issue to CVE-2012-2235.

In Support Incident Tracker (SiT!) 3.67, the Short Application Name and Application Name inputs in the config.php page are affected by XSS.

In Support Incident Tracker (SiT!) 3.67, Load Plugins input in the config.php page is affected by XSS. The XSS payload is, for example, executed on the about.php page.

In Support Incident Tracker (SiT!) 3.67, the search_id parameter in the search_incidents_advanced.php page is affected by XSS.

The Postie plugin 1.9.40 for WordPress allows XSS, as demonstrated by a certain payload with jaVasCript:/* at the beginning and a crafted SVG element.

openITCOCKPIT before 3.7.1 has reflected XSS in the 404-not-found component.

FiberHome an5506-04-f RP2669 devices have XSS.

In the 3.1.12 Pro version of Craft CMS, XSS has been discovered in the header insertion field when adding source code at an s/admin/entries/news/new URI.

Bolt 3.6.4 has XSS via the slug, teaser, or title parameter to editcontent/pages, a related issue to CVE-2017-11128 and CVE-2018-19933.

PRTG Network Monitor v7.1.3.3378 allows XSS via the /search.htm searchtext parameter. NOTE: This product is discontinued.

PRTG Network Monitor v7.1.3.3378 allows XSS via the /public/login.htm errormsg or loginurl parameter. NOTE: This product is discontinued.

GeniXCMS 1.1.5 has XSS via the dbuser or dbhost parameter during step 1 of installation.

An issue was discovered in Sylius products. Missing input sanitization in sylius/sylius 1.0.x through 1.0.18, 1.1.x through 1.1.17, 1.2.x through 1.2.16, 1.3.x through 1.3.11, and 1.4.x through 1.4.3 and sylius/grid 1.0.x through 1.0.18, 1.1.x through 1.1.18, 1.2.x through 1.2.17, 1.3.x through 1.3.12, 1.4.x through 1.4.4, and 1.5.0 allows an attacker (an admin in the sylius/sylius case) to perform XSS by injecting malicious code into a field displayed in a grid with the "string" field type. The contents are an object, with malicious code returned by the __toString() method of that object.