PHP Scripts Mall Professional Service Script has XSS via the admin/bannerview.php view parameter.

PHP Scripts Mall Professional Service Script has XSS via the admin/general_settingupd.php website_title parameter.

packages/core/contact.php in Archon 3.21 rev-1 has XSS in the referer parameter in an index.php?p=core/contact request, aka Open Bug Bounty ID OBB-278503.

PHP Scripts Mall Responsive Realestate Script has XSS via the admin/general.php gplus parameter.

PHP Scripts Mall Car Rental Script has XSS via the admin/areaedit.php carid parameter or the admin/sitesettings.php websitename parameter.

FS Lynda Clone has XSS via the keywords parameter to tutorial/ or the edit_profile_first_name parameter to user/edit_profile.

Readymade Job Site Script has XSS via the keyword parameter to the /job URI.

Readymade Video Sharing Script has XSS via the search_video.php search parameter, the viewsubs.php chnlid parameter, or the user-profile-edit.php fname parameter.

The mgl-instagram-gallery plugin for WordPress has XSS via the single-gallery.php media parameter.

In Liferay Portal 6.1.0, the tags section has XSS via a Public Render Parameter (p_r_p) value, as demonstrated by p_r_p_564233524_tag.

Huawei SmartCare V200R003C10 has a stored XSS (cross-site scripting) vulnerability in the dashboard module. A remote authenticated attacker could exploit this vulnerability to inject malicious scripts in the affected device.

Bus Booking Script has XSS via the results.php datepicker parameter or the admin/new_master.php spemail parameter.

In version 3.5 and prior of Cambium Networks ePMP firmware, an attacker who knows or can guess the RW community string can provide a URL for a configuration file over SNMP with XSS strings in certain SNMP OIDs, serve it via HTTP, and the affected device will perform a configuration restore using the attacker's supplied config file, including the inserted XSS strings.

In version 3.5 and prior of Cambium Networks ePMP firmware, an attacker who knows (or guesses) the SNMP read/write (RW) community string can insert XSS strings in certain SNMP OIDs which will execute in the context of the currently-logged on user.

The Clockwork SMS clockwork-test-message.php component has XSS via a crafted "to" parameter in a clockwork-test-message request to wp-admin/admin.php. This component code is found in the following WordPress plugins: Clockwork Free and Paid SMS Notifications 2.0.3, Two-Factor Authentication - Clockwork SMS 1.0.2, Booking Calendar - Clockwork SMS 1.0.5, Contact Form 7 - Clockwork SMS 2.3.0, Fast Secure Contact Form - Clockwork SMS 2.1.2, Formidable - Clockwork SMS 1.0.2, Gravity Forms - Clockwork SMS 2.2, and WP e-Commerce - Clockwork SMS 2.0.5.

Paid To Read Script 2.0.5 has XSS via the referrals.php tier parameter or the admin/userview.php uid parameter.

Piwigo 2.9.2 has XSS via the name parameter in an admin.php?page=album-3-properties request.

The BrightSign Digital Signage (4k242) device (Firmware 6.2.63 and below) has XSS via the REF parameter to /network_diagnostics.html or /storage_info.html.

Trape before 2017-11-05 has XSS via the /nr red parameter, the /nr vId parameter, the /register User-Agent HTTP header, the /register country parameter, the /register countryCode parameter, the /register cpu parameter, the /register isp parameter, the /register lat parameter, the /register lon parameter, the /register org parameter, the /register query parameter, the /register region parameter, the /register regionName parameter, the /register timezone parameter, the /register vId parameter, the /register zip parameter, or the /tping id parameter.

A Reflected XSS Vulnerability affects the forgotten password page of Maplesoft Maple T.A. 2016.0.6 (Customer Hosted) via the emailAddress parameter to passwordreset/PasswordReset.do, aka Open Bug Bounty ID OBB-286688.