An issue was discovered in FastAdmin V1.0.0.20180417_beta. There is XSS via the application\api\controller\User.php avatar parameter.

app/sections/user-menu.php in phpIPAM before 1.3.1 has XSS via the ip parameter.

iCMS V7.0.8 has XSS via the admincp.php keywords parameter in a weixin_category action, aka a WeChat Classified Management keyword search.

Zend Debugger in Zend Server before 9.1.3 has XSS, aka ZSR-2455.

MiniCMS v1.10 has XSS via the mc-admin/conf.php site_link parameter.

An issue was discovered in WUZHI CMS V4.1.0. There is a persistent XSS vulnerability that can steal the administrator cookies via the tag[tag] parameter to the index.php?m=tags&f=index&v=add&&_su=wuzhicms URI. After a website editor (whose privilege is lower than the administrator) logs in, he can add a new TAGS with the XSS payload.

D-Link DIR-615 T1 devices allow XSS via the Add User feature.

RisingStack protect version 1.2.0 and earlier contains a Cross Site Scripting (XSS) vulnerability in isXss() function in lib/rules/xss.js that can result in dangerous XSS strings being validated as safe. This attack appears to be exploitable via A number of XSS strings(26) detailed in the GitHub issue #16.

A Persistent XSS vulnerability exists in Kodi (formerly XBMC) through 17.6 that allows the execution of arbitrary HTML/script code in the context of the victim user's browser via a playlist.

In Zulip Server versions before 1.7.2, there was an XSS issue with user uploads and the (default) LOCAL_UPLOADS_DIR storage backend.

In Zulip Server versions before 1.7.2, there was an XSS issue with stream names in topic typeahead.

In Zulip Server versions 1.5.x, 1.6.x, and 1.7.x before 1.7.2, there was an XSS issue with muting notifications.

In Zulip Server versions before 1.7.2, there were XSS issues with the frontend markdown processor.

Mautic before v2.13.0 has stored XSS via a theme config file.

The CATALooK.netStore module through 7.2.8 for DNN (formerly DotNetNuke) allows XSS via the /ViewEditGoogleMaps.aspx PortalID or CATSkin parameter, or the /ImageViewer.aspx link or desc parameter.

iScripts UberforX 2.2 has Stored XSS in the "manage_settings" section of the Admin Panel via a value field to the /cms?section=manage_settings&action=edit URI.

iScripts eSwap v2.4 has Reflected XSS via the "catwiseproducts.php" catid parameter in the User Panel.

An issue was discovered in XYHCMS 3.5. It has XSS via the test parameter to index.php.

Z-BlogPHP 1.5.1 has XSS via the zb_users/plugin/AppCentre/plugin_edit.php app_id parameter. The component must be accessed directly by an administrator, or through CSRF.

plugins/box/pages/pages.admin.php in Monstra CMS 3.0.4 has a stored XSS vulnerability when an attacker has access to the editor role, and enters the payload in the title section of an admin/index.php?id=pages&action=edit_page&name=error404 (aka Edit 404 page) action.