In the 5.4.0 version of the Fork CMS software, HTML Injection and Stored XSS vulnerabilities were discovered via the /backend/ajax URI.

AirTies Air 5443v2 devices with software 1.0.0.18 have XSS via the top.html productboardtype parameter.

AirTies Air 5453 devices with software 1.0.0.18 have XSS via the top.html productboardtype parameter.

AirTies Air 5343v2 devices with software 1.0.0.18 have XSS via the top.html productboardtype parameter.

AirTies Air 5442 devices with software 1.0.0.18 have XSS via the top.html productboardtype parameter.

AirTies Air 5650 devices with software 1.0.0.18 have XSS via the top.html productboardtype parameter.

AirTies Air 5021 devices with software 1.0.0.18 have XSS via the top.html productboardtype parameter.

AirTies Air 5750 devices with software 1.0.0.18 have XSS via the top.html productboardtype parameter.

_core/admin/pages/add/ in Subrion CMS 4.2.1 has XSS via the titles[en] parameter.

ExpressionEngine before 4.3.5 has reflected XSS.

DASAN H660GW devices have Stored XSS in the Port Forwarding functionality.

XSS exists in the the-holiday-calendar plugin before 1.11.3 for WordPress via the thc-month parameter.

An issue was discovered in GetSimple CMS 3.3.15. An administrator can insert stored XSS via the admin/settings.php Custom Permalink Structure parameter, which injects the XSS payload into any page created at the admin/pages.php URI.

XSS exists in WUZHI CMS 2.0 via the index.php v or f parameter.

The $args variable in addons/mediapool/pages/index.php in REDAXO 5.6.2 is not effectively filtered, because names are not restricted (only values are restricted). The attacker can insert XSS payloads via an index.php?page=mediapool/media&opener_input_field=&args[ substring.

An issue was discovered in PTC ThingWorx Platform 6.5 through 8.2. There is reflected XSS in the SQUEAL search function.

An issue was discovered in YMFE YApi 1.3.23. There is stored XSS in the name field of a project.

Vanilla before 2.6.1 allows XSS via the email field of a profile.

The Image Import function in XWiki through 10.7 has XSS.

On the RICOH MP C6003 printer, HTML Injection and Stored XSS vulnerabilities have been discovered in the area of adding addresses via the entryNameIn parameter to /web/entry/en/address/adrsSetUserWizard.cgi.