The Zoho CRM Lead Magnet plugin 1.6.9.1 for WordPress allows XSS via module, EditShortcode, or LayoutName.

Dolibarr CRM/ERP 10.0.3 allows viewimage.php?file= Stored XSS due to JavaScript execution in an SVG image for a profile picture.

The Fast Secure Contact Form plugin before 4.0.38 for WordPress allows fs_contact_form1[welcome] XSS.

The NextGEN Gallery plugin before 2.1.10 for WordPress has multiple XSS issues involving thumbnail_width, thumbnail_height, thumbwidth, thumbheight, wmXpos, and wmYpos, and template.

Serendipity before 1.6 has an XSS issue in the karma plugin which may allow privilege escalation.

Nokia IMPACT < 18A: has Reflected self XSS

In Pannellum from 2.5.0 through 2.5.4 URLs were not sanitized for data URIs (or vbscript:), allowing for potential XSS attacks. Such an attack would require a user to click on a hot spot to execute and would require an attacker-provided configuration. The most plausible potential attack would be if pannellum.htm was hosted on a domain that shared cookies with the targeted site's user authentication; an &lt;iframe&gt; could then be embedded on the attacker's site using pannellum.htm from the targeted site, which would allow the attacker to potentially access information from the targeted site as the authenticated user (or worse if the targeted site did not have adequate CSRF protections) if the user clicked on a hot spot in the attacker's embedded panorama viewer. This was patched in version 2.5.5.

PostfixAdmin 2.3.4 has multiple XSS vulnerabilities

Zikula 1.3.0 build #3168 and probably prior has XSS flaw due to improper sanitization of the 'themename' parameter by setting default, modifying and deleting themes. A remote attacker with Zikula administrator privilege could use this flaw to execute arbitrary HTML or web script code in the context of the affected website.

Sandline Centraleyezer (On Premises) allows Unrestricted File Upload leading to Stored XSS. An HTML page running a script could be uploaded to the server. When a victim tries to download a CISO Report template, the script is loaded.

Sandline Centraleyezer (On Premises) allows Stored XSS using HTML entities in the name field of the Category section.

Footy Tipping Software AFL Web Edition 2019 allows XSS.

KairosDB through 1.2.2 has XSS in view.html because of showErrorMessage in js/graph.js, as demonstrated by view.html?q= with a '"sampling":{"value":"<script>' substring.

TemaTres 3.0 has stored XSS via the value parameter to the vocab/admin.php?vocabulario_id=list URI.

When logged in as an admin user, the Title input field (under Reports) within Untangle NG firewall 14.2.0 is vulnerable to stored XSS.

When logged in as an admin user, the Untangle NG firewall 14.2.0 is vulnerable to reflected XSS at multiple places and specific user input fields.

Microstrategy Library in MicroStrategy before 2019 before 11.1.3 has reflected XSS.

phpbb 3.0.x-3.0.6 has an XSS vulnerability via the [flash] BB tag.

The Blog2Social plugin before 5.9.0 for WordPress is affected by: Cross Site Scripting (XSS). The impact is: Allows an attacker to execute arbitrary HTML and JavaScript code via the b2s_id parameter. The component is: views/b2s/post.calendar.php. The attack vector is: When the Administrator is logged in, a reflected XSS may execute upon a click on a malicious URL.

The CleanTalk cleantalk-spam-protect plugin before 5.127.4 for WordPress is affected by: Cross Site Scripting (XSS). The impact is: Allows an attacker to execute arbitrary HTML and JavaScript code via the from or till parameter. The component is: inc/cleantalk-users.php and inc/cleantalk-comments.php. The attack vector is: When the Administrator is logged in, a reflected XSS may execute upon a click on a malicious URL.