CWE-79

LimeSurvey before v3.17.14 allows reflected XSS for escalating privileges from a low-privileged account to, for example, SuperAdmin. This occurs in application/core/Survey_Common_Action.php,

Sakai through 12.6 allows XSS via a chat user name.

Gophish through 0.8.0 allows XSS via a username.

YII2-CMS v1.0 has XSS in protected\core\modules\home\models\Contact.php via a name field to /contact.html.

Grav through 1.6.15 allows (Stored) Cross-Site Scripting due to JavaScript execution in SVG images.

An issue was discovered in Mautic 2.13.1. There is Stored XSS via the authorUrl field in config.json.

Rancher 2 through 2.2.4 is vulnerable to a Cross-Site Websocket Hijacking attack that allows an exploiter to gain access to clusters managed by Rancher. The attack requires a victim to be logged into a Rancher server, and then to access a third-party site hosted by the…

WebTorrent before 0.107.6 allows XSS in the HTTP server via a title or file name.

A stored cross-site scripting vulnerability in Jenkins 2.191 and earlier, LTS 2.176.2 and earlier allowed attackers with Overall/Administer permission to configure the update site URL to inject arbitrary HTML and JavaScript in update center web pages.

Status Board 1.1.81 has reflected XSS via dashboard.ts.

laracom (aka Laravel FREE E-Commerce Software) 1.4.11 has search?q= XSS.

CyberChef before 8.31.2 allows XSS in core/operations/TextEncodingBruteForce.mjs.

Status Board 1.1.81 has reflected XSS via logic.ts.

selectize-plugin-a11y before 1.1.0 has XSS via the msg field.

Ignite Realtime Openfire before 4.4.1 has reflected XSS via an LDAP setup test.

django-js-reverse (aka Django JS Reverse) before 0.9.1 has XSS via js_reverse_inline.

Bolt before 3.6.10 has XSS via createFolder or createFile in Controller/Async/FilesystemManager.php.

Bolt before 3.6.10 has XSS via an image's alt or title field.

Bolt before 3.6.10 has XSS via a title that is mishandled in the system log.

Kimai v2 before 1.1 has XSS via a timesheet description.