The timesheet plugin before 0.1.5 for WordPress has multiple XSS issues.

A persistent cross-site scripting vulnerability in Sourcecodester Stock Management System v1.0 allows remote attackers to inject arbitrary web script or HTML via the 'Brand Name.'

The booking-sms plugin before 1.1.0 for WordPress has XSS.

cPanel before 62.0.17 allows self XSS in the WHM cPAddons showsecurity interface (SEC-217).

Cross-site scripting (XSS) vulnerability in Opsview before 4.4.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

The zendesk-help-center plugin before 1.0.5 for WordPress has multiple XSS issues.

The twitter-cards-meta plugin before 2.5.0 for WordPress has XSS.

XSS exists in JIZHICMS 1.7.1 via index.php/Wechat/checkWeixin?signature=1&echostr={XSS] to Home/c/WechatController.php.

Multiple cross-site scripting (XSS) vulnerabilities in xxl-job v2.2.0 allow remote attackers to inject arbitrary web script or HTML via (1) AppName and (2)AddressList parameter in JobGroupController.java file.

The contact-form-plugin plugin before 3.3.5 for WordPress has XSS.

Cross-site scripting (XSS) vulnerability in search.php in Ed Pudol Clickbank Portal allows remote attackers to inject arbitrary web script or HTML via the search box. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Cross Site Scripting vulnerabiity exists in WDScanner 1.1 in the system management page.

waimai Super Cms 20150505 contains a cross-site scripting (XSS) vulnerability in the component /admin.php?m=Config&a=add.

Cross Site Scripting (XSS) vulnerability in NukeViet cms 4.4.0 via the editor in the News module.

The wp-all-import plugin before 3.4.6 for WordPress has XSS.

The rsvp plugin before 2.3.8 for WordPress has persistent XSS via the note field on the attendee-list screen.

The stop-user-enumeration plugin before 1.3.8 for WordPress has XSS.

Cross-site scripting (XSS) vulnerability in Opera before 12.10 allows remote attackers to inject arbitrary web script or HTML via crafted JavaScript code that overrides methods of unspecified native objects in documents that have different origins.

The smokesignal plugin before 1.2.7 for WordPress has XSS.

Stored XSS was discovered in the tree mode of jsoneditor before 9.0.2 through injecting and executing JavaScript.

Cross-site scripting (XSS) vulnerability in Cisco WebEx Social (formerly Cisco Quad) allows remote attackers to inject arbitrary web script or HTML via a crafted RSS service link, aka Bug ID CSCub61977.

The E-goi Smart Marketing SMS and Newsletters Forms plugin before 2.0.0 for WordPress has XSS via the admin/partials/custom/egoi-for-wp-form_egoi.php url parameter.

Multiple cross-site scripting (XSS) vulnerabilities in GuppY before 4.6.28 allow remote attackers to inject arbitrary web script or HTML via the (1) "an" parameter to agenda.php or (2) cat parameter to mobile/thread.php.

The MyCBGenie Affiliate Ads for Clickbank Products plugin through 1.6 for WordPress has XSS via the text_ads_ajax.php border_color parameter.

Insecure caller check and input validation vulnerabilities in SearchKeyword deeplink logic prior to Samsung Internet 16.0.2 allows unstrusted applications to execute script codes in Samsung Internet.

Jenkins Subversion Release Manager Plugin 1.2 and earlier does not escape the error message for the Repository URL field form validation, resulting in a reflected cross-site scripting vulnerability.

The IncomingMailServers resource in Atlassian Jira from version 6.2.1 before version 7.4.4 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the messagesThreshold parameter.

A cross-site scripting (XSS) vulnerability in the component /admin/?setting-base.htm of Xiuno BBS 4.0.4 allows attackers to execute arbitrary web scripts or HTML via the sitename parameter.

A form validation endpoint in Jenkins Queue cleanup Plugin 1.3 and earlier does not properly escape a query parameter displayed in an error message, resulting in a reflected XSS vulnerability.

A cross-site scripting (XSS) vulnerability was discovered in the OJ/admin-tool /cal_scores.php function of HZNUOJ v1.0.

Cross Site Scripting (XSS) vulnerability in subrion CMS Version <= 4.2.1 allows remote attackers to execute arbitrary web script via the "payment gateway" column on transactions tab.

Cross-Site Scripting (XSS) vulnerability in Subrion 4.2.1 via the title when adding a page.

A reflected cross site scripting (XSS) vulnerability in the /header.tmpl.php component of ATutor 2.2.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.

Cross-Site Scripting (XSS) vulnerability in MicroStrategy Web SDK 10.11 and earlier, allows remote unauthenticated attackers to execute arbitrary code via the key parameter to the getESRIExtraConfig task.

The Ocean Extra WordPress plugin before 1.9.5 does not escape generated links which are then used when the OceanWP is active, leading to a Reflected Cross-Site Scripting issue

The Emag Marketplace Connector plugin 1.0.0 for WordPress has reflected XSS because the parameter "post" to /wp-content/plugins/emag-marketplace-connector/templates/order/awb-meta-box.php is not filtered correctly.

A cross-site scripting (XSS) vulnerability in Beijing Liangjing Zhicheng Technology Co., Ltd ljcmsshop version 1.14 allows remote attackers to inject arbitrary web script or HTML via user.php by registering an account directly in the user center, and then adding the payload to the delivery address.

Dropouts Technologies LLP Super Backup v2.0.5 was discovered to contain a cross-site scripting (XSS) vulnerability in the path parameter of the `list` and `download` module. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted GET request.

Jenkins Compatibility Action Storage Plugin 1.0 and earlier does not escape the content coming from the MongoDB in the testConnection form validation endpoint, resulting in a reflected cross-site scripting (XSS) vulnerability.

Multiple cross-site scripting (XSS) vulnerabilities in EMC RSA Archer GRC 5.x before 5.4 SP1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Cross-site scripting (XSS) vulnerability in Domino Blogsphere 3.01 Beta 7 allows remote attackers to inject arbitrary web script or HTML via the name field. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Chamilo LMS version 1.11.10 contains an XSS vulnerability in the personal profile edition form, affecting the user him/herself and social network friends.

Cross-site scripting (XSS) vulnerability in SpagoBI before 4.1 allows remote authenticated users to inject arbitrary web script or HTML via the Description field in the "Short document metadata."

A cross-site scripting (XSS) vulnerability in the parameter type_en of Maccms 10 allows attackers to obtain the administrator cookie and escalate privileges via a crafted payload.

MISP 2.4.136 has Stored XSS in the galaxy cluster view via a cluster name to app/View/GalaxyClusters/view.ctp.

Cross-site scripting (XSS) vulnerability in manage.php in the PBBooking (com_pbbooking) component 2.4 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the an arbitrary parameter in an edit action to administrator/index.php.

docsify prior to 4.11.4 is susceptible to Cross-site Scripting (XSS). Docsify.js uses fragment identifiers (parameters after # sign) to load resources from server-side .md files. Due to lack of validation here, it is possible to provide external URLs after the /#/ (domain.com/#//attacker.com) and render arbitrary JavaScript/HTML inside docsify page.