CWE-79

element-plus 2.0.5 is vulnerable to Cross Site Scripting (XSS) via el-table-column.

InMailX Outlook Plugin < 3.22.0101 is vulnerable to Cross Site Scripting (XSS). InMailX Connection names are not sanitzed in the Outlook tab, which allows a local user or network administrator to execute HTML / Javascript in the Outlook of users.

OrangeHRM 4.10 is vulnerable to Stored XSS in the “Share Video” section under “OrangeBuzz” via the GET/POST “createVideo[linkAddress]” parameter

Jfinal_CMS 5.1.0 allows attackers to use the feedback function to send malicious XSS code to the administrator backend and execute it.

zbzcms v1.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the neirong parameter at /php/ajax.php.

Daylight Studio Fuel CMS 1.5.1 is vulnerable to HTML Injection.