zzcms 2019 has XSS via an arbitrary user/ask.php?do=modify parameter because inc/stopsqlin.php does not block a mixed-case string such as sCrIpT.

Vembu StoreGrid 4.4.x has XSS in interface/registercustomer/onlineregsuccess.php, interface/registerreseller/onlineregfailure.php, interface/registerclient/onlineregfailure.php, and interface/registercustomer/onlineregfailure.php.

An XSS vulnerability was discovered in MOPCMS through 2018-11-30. There is persistent XSS that allows remote attackers to inject arbitrary web script or HTML via the form[name] parameter in a mod=column request, as demonstrated by the /mopcms/X0AZgf(index).php?mod=column&ac=list&menuid=28&ac=add&menuid=29 URI.

MDaemon Webmail 14.x through 18.x before 18.5.2 has XSS (issue 2 of 2).

MDaemon Webmail 14.x through 18.x before 18.5.2 has XSS (issue 1 of 2).

Splunk Web in Splunk Enterprise 6.5.x before 6.5.5, 6.4.x before 6.4.9, 6.3.x before 6.3.12, 6.2.x before 6.2.14, 6.1.x before 6.1.14, and 6.0.x before 6.0.15 and Splunk Light before 6.6.0 has Persistent XSS, aka SPL-138827.

The HAProxy package before 0.59_16 for pfSense has XSS via the desc (aka Description) or table_actionsaclN parameter, related to haproxy_listeners.php and haproxy_listeners_edit.php.

In Bootstrap before 3.4.1 and 4.3.x before 4.3.1, XSS is possible in the tooltip or popover data-template attribute.

data/interfaces/default/history.html in Tautulli 2.1.26 has XSS via a crafted Plex username that is mishandled when constructing the History page.

Collabtive 3.1 allows XSS via the manageuser.php?action=profile id parameter.

An issue was discovered in WTCMS 1.0. It has stored XSS via the third text box (for the website statistics code).

imcat 4.5 has Stored XSS via the root/run/adm.php fm[instop][note] parameter.

admin/default.php in PHPMyWind v5.5 has XSS via an HTTP Host header.

In CmsEasy 7.0, there is XSS via the ckplayer.php autoplay parameter.

In CmsEasy 7.0, there is XSS via the ckplayer.php url parameter.

skins/classic/views/controlcap.php in ZoneMinder before 1.32.3 has XSS via the newControl array, as demonstrated by the newControl[MinTiltRange] parameter.

includes/database.php in ZoneMinder before 1.32.3 has XSS in the construction of SQL-ERR messages.

VNote 2.2 has XSS via a new text note.

ORY Hydra before v1.0.0-rc.3+oryOS.9 has Reflected XSS via the oauth2/fallbacks/error error_hint parameter.

Verydows 2.0 has XSS via the index.php?c=main a parameter, as demonstrated by an a=index[XSS] value.