WBCE CMS 1.5.2 is vulnerable to Cross Site Scripting (XSS) via /admin/users/save.php.
CWE-79
CVE-2022-30110
The file preview functionality in Jirafeau < 4.4.0, which is enabled by default, could be exploited for cross site scripting. An attacker could upload image/svg+xml files containing JavaScript. When someone visits the File Preview URL for this file, the JavaScript inside of this image/svg+xml file will be executed in the users' browser.
CVE-2022-29923
Authenticated (admin or higher user role) Reflected Cross-Site Scripting (XSS) vulnerability in ThingsForRestaurants Quick Restaurant Reservations plugin <= 1.4.1 at WordPress.
CVE-2022-29927
In JetBrains TeamCity before 2022.04 reflected XSS on the Build Chain Status page was possible
CVE-2022-29929
In JetBrains TeamCity before 2022.04 potential XSS via Referrer header was possible
CVE-2022-29931
The administration interface of the Raytion Custom Security Manager (Raytion CSM) in Version 7.2.0 allows reflected Cross-site Scripting (XSS).