EyouCms through 2019-07-11 has XSS related to the login.php web_recordnum parameter.

The client-dash (aka Client Dash) plugin 2.1.4 for WordPress allows XSS.

The liquid-speech-balloon (aka LIQUID SPEECH BALLOON) plugin before 1.0.7 for WordPress allows XSS with Internet Explorer.

In Redmine before 3.4.11 and 4.0.x before 4.0.4, persistent XSS exists due to textile formatting errors.

PbootCMS 2.0.2 allows XSS via vectors involving the Pboot/admin.php?p=/Single/index/mcode/1 and Pboot/?contact/ URIs.

An XSS vulnerability in project list in OpenProject before 9.0.4 and 10.x before 10.0.2 allows remote attackers to inject arbitrary web script or HTML via the sortBy parameter because error messages are mishandled.

The animate-it plugin before 2.3.5 for WordPress has XSS.

The animate-it plugin before 2.3.4 for WordPress has XSS.

cPanel before 82.0.15 allows self XSS in the WHM Update Preferences interface (SEC-528).

cPanel before 82.0.15 allows self stored XSS in the WHM SSL Storage Manager interface (SEC-527).

cPanel before 82.0.15 allows self XSS in the SSL Key Delete interface (SEC-526).

cPanel before 82.0.15 allows self XSS in LiveAPI example scripts (SEC-524).

cPanel before 82.0.15 allows self XSS in the SSL Certificate Upload interface (SEC-521).

S-CMS v1.5 has XSS in tpl.php via the member/member_login.php from parameter.

Local file inclusion in brokerPerformance.php in Centreon Web before 2.8.28 allows attackers to disclose information or perform a stored XSS attack on a user.

HRworks FLOW 3.36.9 allows XSS via the purpose of a travel-expense report.

HRworks 3.36.9 allows XSS via the purpose of a travel-expense report.

includes/settings/class-alg-download-plugins-settings.php in the download-plugins-dashboard plugin through 1.5.0 for WordPress has multiple unauthenticated stored XSS issues.

The broken-link-manager plugin before 0.6.0 for WordPress has XSS via the HTTP Referer or User-Agent header to a URL that does not exist.

SITOS six Build v6.2.1 allows a user to change their password and recovery email address without requiring them to confirm the change with their old password. This would allow an attacker with access to the victim's account (e.g., via XSS or an unattended workstation) to change that password and address.