An XSS vulnerability (via an SVG image) in Tiki before 18 allows an authenticated user to gain administrator privileges if an administrator opens a wiki page with a malicious SVG image, related to lib/filegals/filegallib.php.

F-Secure Radar (on-premises) before 2018-02-15 has XSS via vectors involving the Tags parameter in the JSON request body in an outbound request for the /api/latest/vulnerabilityscans/tags/batch resource, aka a "suggested metadata tags for assets" issue.

trixbox 2.8.0.4 has XSS via the PATH_INFO to /maint/index.php or /user/includes/language/langChooser.php.

RoomWizard before 4.4.x allows XSS via the HelpAction.action pageName parameter.

Progress Sitefinity 9.1 has XSS via the Last name, First name, and About fields on the New User Creation Page. This is fixed in 10.1.

Progress Sitefinity 9.1 has XSS via file upload, because JavaScript code in an HTML file has the same origin as the application's own code. This is fixed in 10.1.

Progress Sitefinity 9.1 has XSS via the Content Management Template Configuration (aka Templateconfiguration), as demonstrated by the src attribute of an IMG element. This is fixed in 10.1.

PHP Scripts Mall Multi Language Olx Clone Script 2.0.6 has XSS via the Leave Comment field.

Bookly #1 WordPress Booking Plugin Lite before 14.5 has XSS via a jQuery.ajax request to ng-payment_details_dialog.js.

Versions of Epson AirPrint released prior to January 19, 2018 contain a reflective cross-site scripting (XSS) vulnerability, which can allow untrusted users on the network to hijack a session cookie or perform other reflected XSS attacks on a currently logged-on user.

MyBB 1.8.14 has XSS via the Title or Description field on the Edit Forum screen.

static/js/pad_utils.js in Etherpad Lite before v1.6.3 has XSS via window.location.href.

PHP Scripts Mall Multilanguage Real Estate MLM Script 3.0 has Stored XSS via every profile input field.

PHP Scripts Mall Naukri Clone Script 3.0.3 has Stored XSS via every profile input field.

PHP Scripts Mall Doctor Search Script 1.0.2 has Stored XSS via an arbitrary profile field.

Cozy version 2 has XSS allowing remote attackers to obtain administrative access via JavaScript code in the url parameter to the /api/proxy URI, as demonstrated by an XMLHttpRequest call with an 'email:"attacker@example.com"' request, which can be followed by a password reset.

Promise Technology WebPam Pro-E devices allow remote attackers to conduct XSS, HTTP Response Splitting, and CRLF Injection attacks via JavaScript code in a PHPSESSID cookie.

tiki wiki cms groupware <=15.2 has a xss vulnerability, allow attackers steal user's cookie.

Synacor Zimbra Collaboration Suite (ZCS) before 8.7.10 has Persistent XSS.

Synacor Zimbra Collaboration Suite (ZCS) before 8.8.3 has Persistent XSS.