Stored XSS vulnerability via IMG element at "History" of Profile, Calendar, Tasks, and CRM in Tine 2.0 Community Edition before 2017.08.4 allows an authenticated user to inject JavaScript, which is mishandled during rendering by the application administrator and other users.

Stored XSS vulnerability via IMG element at "Filename" of Filemanager in Tine 2.0 Community Edition before 2017.08.4 allows an authenticated user to inject JavaScript, which is mishandled during rendering by the application administrator and other users.

Stored XSS vulnerability in eGroupware Community Edition before 16.1.20170922 allows an unauthenticated remote attacker to inject JavaScript via the User-Agent HTTP header, which is mishandled during rendering by the application administrator.

The cp-contact-form-with-paypal (aka CP Contact Form with PayPal) plugin before 1.1.6 for WordPress has CSRF with resultant XSS, related to cp_contactformpp.php and cp_contactformpp_admin_int_list.inc.php.

It was found that the App Studio component of RHMAP 4.4 executes javascript provided by a user. An attacker could use this flaw to execute a stored XSS attack on an application administrator using App Studio.

In GeniXCMS 1.1.4, gxadmin/index.php has XSS via the Menu ID field in a page=menus request.

In GeniXCMS 1.1.4, /inc/lib/Control/Backend/menus.control.php has XSS via the id parameter.

In GeniXCMS 1.1.4, /inc/lib/backend/menus.control.php has XSS via the id parameter.

The Intense WP "WP Jobs" plugin 1.5 for WordPress has XSS, related to the Job Qualification field.

UEditor 1.4.3.3 has XSS via the SRC attribute of an IFRAME element.

OWASP AntiSamy before 1.5.7 allows XSS via HTML5 entities, as demonstrated by use of : to construct a javascript: URL.

Mahara 15.04 before 15.04.14 and 16.04 before 16.04.8 and 16.10 before 16.10.5 and 17.04 before 17.04.3 are vulnerable to a user submitting potential dangerous payload, e.g. XSS code, to be saved as their name in the usr_registration table. The values are then emailed to the the user and administrator and if accepted become part of the new user's account.

geminabox (aka Gem in a Box) before 0.13.6 has XSS, as demonstrated by uploading a gem file that has a crafted gem.homepage value in its .gemspec file.

In EPESI 1.8.2 rev20170830, there is Stored XSS in the Tasks Description parameter.

In EPESI 1.8.2 rev20170830, there is Stored XSS in the Tasks Title parameter.

In EPESI 1.8.2 rev20170830, there is Stored XSS in the Tasks Alerts Title parameter.

In EPESI 1.8.2 rev20170830, there is Stored XSS in the Phonecalls Subject parameter.

In EPESI 1.8.2 rev20170830, there is Stored XSS in the Phonecalls Description parameter.

In EPESI 1.8.2 rev20170830, there is Stored XSS in the Tasks Phonecall Notes Title parameter.

WSO2 Data Analytics Server 3.1.0 has XSS in carbon/resources/add_collection_ajaxprocessor.jsp via the collectionName or parentPath parameter.