PHP Scripts Mall Responsive Video News Script has XSS via the Search Bar. This might, for example, be leveraged for HTML injection or URL redirection.

An issue was discovered in SchoolCMS 2.3.1. There is an XSS vulnerability via index.php?a=Index&c=Channel&m=Home&id=[XSS].

An issue was discovered in SchoolCMS 2.3.1. There is an XSS vulnerability via index.php?a=Index&c=Channel&m=Home&viewid=[XSS].

An issue was discovered in Joomla! before 3.9.3. Inadequate filtering on URL fields in various core components could lead to an XSS vulnerability.

An issue was discovered in Joomla! before 3.9.3. A combination of specific web server configurations, in connection with specific file types and browser-side MIME-type sniffing, causes an XSS attack vector.

An issue was discovered in Joomla! before 3.9.3. Inadequate checks at the Global Configuration helpurl settings allowed stored XSS.

An issue was discovered in Joomla! before 3.9.3. Inadequate parameter handling in JavaScript code (core.js writeDynaList) could lead to an XSS attack vector.

Verydows 2.0 has XSS via the index.php?m=api&c=stats&a=count referrer parameter.

Nessus versions 8.2.1 and earlier were found to contain a stored XSS vulnerability due to improper validation of user-supplied input. An authenticated, remote attacker could potentially exploit this vulnerability via a specially crafted request to execute arbitrary script code in a user's browser session. Tenable has released Nessus 8.2.2 to address this issue.

_includes\online.php in DbNinja 3.2.7 allows XSS via the data.php task parameter if _users/admin/tasks.php exists.

A carefully crafted URL could trigger an XSS vulnerability on Apache JSPWiki, from versions up to 2.10.5, which could lead to session hijacking.

admin/?/plugin/file_manager in Frog CMS 0.9.5 allows XSS by creating a new file containing a crafted attribute of an IMG element.

Frog CMS 0.9.5 has XSS via the admin/?/snippet/edit/1 Body field.

Frog CMS 0.9.5 has XSS via the admin/?/layout/edit/1 Body field.

Axios Italia Axios RE 1.7.0/7.0.0 devices have XSS via the RELogOff.aspx Error_Parameters parameter. In some situations, the XSS would be on the family.axioscloud.it cloud service; however, the vendor also supports "Sissi in Rete (con server)" for offline operation.

XSS exists in Enphase Envoy R3.*.* via the profileName parameter to the /home URI on TCP port 8888.

An issue was discovered in Waimai Super Cms 20150505. admin.php?m=Member&a=adminaddsave has XSS via the username or password parameter.

An issue was discovered in SIDU 6.0. Because the database name is not strictly filtered, the attacker can insert a name containing an XSS Payload, leading to stored XSS.

The Pie Chart Panel plugin through 2019-01-02 for Grafana is vulnerable to XSS via legend data or tooltip data. When a chart is included in a Grafana dashboard, this vulnerability could allow an attacker to gain remote unauthenticated access to the dashboard.

MODX Revolution through v2.7.0-pl allows XSS via User Settings such as Description.