CWE-79

Apifox through 2.1.6 is vulnerable to Cross Site Scripting (XSS) which can lead to remote code execution.

WBCE CMS 1.5.2 is vulnerable to Cross Site Scripting (XSS).

SeedDMS versions 6.0.18 and 5.1.25 and below are vulnerable to stored XSS. An attacker with admin privileges can inject the payload inside the “Role management” menu and then trigger the payload by loading the “Users management” menu

Cross-site Scripting (XSS) – Stored in GitHub repository yetiforcecompany/yetiforcecrm prior to 6.4.0.

Reflective Cross-Site Scripting vulnerability in WordPress Country Selector Plugin Version 1.6.5. The XSS payload executes whenever the user tries to access the country selector page with the specified payload as a part of the HTTP request

Reprise License Manager 14.2 is affected by a reflected cross-site scripting vulnerability (XSS) in the /goform/login_process username parameter via GET. No authentication is required.