The Add page option in my little forum 2.4.12 allows XSS via the Title field.

PHP Scripts Mall Basic B2B Script 2.0.0 has Reflected and Stored XSS via the First name, Last name, Address 1, City, State, and Company name fields.

Tenda D152 ADSL routers allow XSS via a crafted SSID.

Matera Banco 1.0.0 is vulnerable to multiple reflected XSS, as demonstrated by the /contingency/web/index.jsp (aka home page) url parameter.

Matera Banco 1.0.0 is vulnerable to multiple stored XSS, as demonstrated by the sca/privilegio/consultarUsuario.jsf "Nome Completo" (aka user fullname) field.

The Web server in 3CX version 15.5.8801.3 is vulnerable to Reflected XSS on all stack traces' propertyPath parameters.

The Web server in 3CX version 15.5.8801.3 is vulnerable to Reflected XSS on the api/CallLog TimeZoneName parameter.

Samsung Syncthru Web Service V4.05.61 is vulnerable to Multiple unauthenticated XSS attacks on several parameters, as demonstrated by ruiFw_pid.

An issue was discovered in GitLab Community Edition and Enterprise Edition before 10.7.6, 10.8.x before 10.8.5, and 11.x before 11.0.1. The charts feature contained a persistent XSS issue due to a lack of output encoding.

An issue was discovered in GitLab Community Edition and Enterprise Edition before 10.7.6, 10.8.x before 10.8.5, and 11.x before 11.0.1. The wiki contains a persistent XSS issue due to a lack of output encoding affecting a specific markdown feature.

An issue was discovered in GitLab Community Edition and Enterprise Edition 10.7.x before 10.7.6. The usage of 'url_for' contained a XSS issue due to it allowing arbitrary protocols as a parameter.

An issue was discovered in WeaselCMS v0.3.5. XSS exists via Site Language, Site Title, Site Description, and Site Keywords on the SETTINGS page.

paypal/permissions-sdk-php is vulnerable to reflected XSS in the samples/GetAccessToken.php verification_code parameter, resulting in code execution.

paypal/invoice-sdk-php is vulnerable to reflected XSS in samples/permissions.php via the permToken parameter, resulting in code execution.

Monitorix before 3.10.1 allows XSS via CGI variables.

uploads/.htaccess in Subrion CMS 4.2.1 allows XSS because it does not block .html file uploads (but does block, for example, .htm file uploads).

rejucms 2.1 has stored XSS via the admin/book.php content parameter.

Subrion CMS v4.2.1 is vulnerable to Stored XSS because of no escaping added to the tooltip information being displayed in multiple areas.

An issue was discovered in DataLife Engine (DLE) through 13.0. An attacker can use XSS (related to the /addnews.html and /index.php?do=addnews URIs) to send a malicious script to unsuspecting Admins or users.

JBoss BRMS 6 and BPM Suite 6 are vulnerable to a stored XSS via business process editor. The flaw is due to an incomplete fix for CVE-2016-5398. Remote, authenticated attackers that have privileges to create business processes can store scripts in them, which are not properly sanitized before showing to other users, including admins.