In JPress v1.0-rc.5, there is stored XSS via each of the first three input fields to the starter-tomcat-1.0/admin/setting URI, as demonstrated by the web_name parameter.

Open Ticket Request System (OTRS) 6.0.x before 6.0.13 allows an admin to conduct an XSS attack via a modified URL.

Open Ticket Request System (OTRS) 4.0.x before 4.0.33 and 5.0.x before 5.0.31 allows an admin to conduct an XSS attack via a modified URL because user and customer preferences are mishandled.

ZyXEL ZyWALL USG 2.12 AQQ.2 and 3.30 AQQ.7 devices are affected by a CSRF vulnerability via a cgi-bin/zysh-cgi cmd action to add a user account. This account's access could, for example, subsequently be used for stored XSS.

An issue was discovered in S-CMS v1.5. There is an XSS vulnerability in search.php via the keyword parameter.

DomainMOD through 4.11.01 has XSS via the assets/edit/ip-address.php ipid parameter.

DomainMOD through 4.11.01 has XSS via the assets/edit/registrar-account.php raid parameter.

Squid before 4.4 has XSS via a crafted X.509 certificate during HTTP(S) error page generation for certificate errors.

An issue was discovered in YzmCMS v5.2. It has XSS via a search/index/archives/pubtime/ query string, as demonstrated by the search/index/archives/pubtime/1526387722/page/1.html URI. NOTE: this does not obtain a user's cookie.

tianti 2.3 has reflected XSS in the user management module via the tianti-module-admin/user/list userName parameter.

tianti 2.3 has stored XSS in the article management module via an article title.

tianti 2.3 has stored XSS in the userlist module via the tianti-module-admin/user/ajax/save_role name parameter, which is mishandled in tianti-module-admin\src\main\webapp\WEB-INF\views\user\user_list.jsp.

WeCenter 3.2.0 through 3.2.2 has XSS in the views/default/question/index.tpl.html htmlspecialchars_decode function via the /?/publish/ajax/publish_question/ question_content parameter.

An issue was discovered on Foscam Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. The ONVIF devicemgmt SetHostname method allows unauthenticated persistent XSS.

SimpleMDE 1.11.2 has XSS via an onerror attribute of a crafted IMG element, or via certain input with [ and ( characters, which is mishandled during construction of an A element.

pandao Editor.md 1.5.0 has DOM XSS via input starting with a "<<" substring, which is mishandled during construction of an A element.

MetInfo 6.1.3 has XSS via the admin/index.php?a=dogetpassword abt_type parameter.

MetInfo 6.1.3 has XSS via the admin/index.php?a=dogetpassword langset parameter.

A stored xss in tianma-static module versions <=1.0.4 allows an attacker to execute arbitrary javascript.

JEECMS 9.3 has XSS via an index.do#/content/update?type=update URI.