An XSS issue was discovered in SEMCMS 3.4 via the admin/SEMCMS_Categories.php?pid=1&lgid=1 category_key parameter.

An XSS issue was discovered in catfish blog 2.0.33, related to "write source code."

An XSS issue was discovered in Catfish CMS 4.8.30, related to "write source code," a similar issue to CVE-2018-13999.

An XSS issue was discovered in admin/sitelink/editsitelink?id=16 in YUNUCMS 1.1.5.

An XSS issue was discovered in admin/banner/editbanner?id=20 in YUNUCMS 1.1.5.

An XSS issue was discovered in index.php/admin/category/editcategory?id=73 in YUNUCMS 1.1.5.

An XSS issue was discovered in index.php/admin/area/editarea/id/110000 in YUNUCMS 1.1.5.

An XSS issue was discovered in admin/content/editcontent?id=29&gopage=1 in YUNUCMS 1.1.5.

An XSS issue was discovered in admin/link/editlink?id=5 in YUNUCMS 1.1.5.

An XSS issue was discovered in index.php/admin/system/basic in YUNUCMS 1.1.5.

An issue was discovered in Eleanor CMS through 2015-03-19. XSS exists via the ajax.php?direct=admin&file=autocomplete&query=[XSS] URI.

admin/index.php?id=filesmanager in Monstra CMS 3.0.4 allows remote authenticated administrators to trigger stored XSS via JavaScript content in a file whose name lacks an extension. Such a file is interpreted as text/html in certain cases.

CommuniGate Pro 6.2 allows stored XSS via a message body in Pronto! Mail Composer, which is mishandled in /MIME/INBOX-MM-1/ if the raw email link (in .txt format) is modified and then renamed with a .html or .wssp extension.

ServersCheck Monitoring Software through 14.3.3 has Persistent and Reflected XSS via the sensors.html status parameter, sensors.html type parameter, sensors.html device parameter, report.html location parameter, group_delete.html group parameter, report_save.html query parameter, sensors.html location parameter, or group_delete.html group parameter.

XSS exists in cgi-bin/webcm on D-link DSL-2640T routers via the var:RelaodHref or var:conid parameter.

www/guis/admin/application/controllers/UserController.php in the administration login interface in MailCleaner CE 2018.08 and 2018.09 allows XSS via the admin/login/user/message/ PATH_INFO.

ajenticp (aka Ajenti Docker control panel) for Ajenti through v1.2.23.13 has XSS via a filename that is mishandled in File Manager.

Vesta Control Panel through 0.9.8-22 has XSS via the edit/web/ domain parameter, the list/backup/ backup parameter, the list/rrd/ period parameter, the list/directory/ dir_a parameter, or the filename to the list/directory/ URI.

Citrix NetScaler Gateway 10.5.x before 10.5.69.003, 11.1.x before 11.1.59.004, 12.0.x before 12.0.58.7, and 12.1.x before 12.1.49.1 has XSS.

In AXIOS ITALIA Axioscloud Sissiweb Registro Elettronico 1.7.0, secret/relogoff.aspx has XSS via the Error_Desc parameter.