CWE-79

Cross-site Scripting (XSS) – Reflected in GitHub repository phoronix-test-suite/phoronix-test-suite prior to 10.8.2.

Cross-site Scripting (XSS) – Stored in Packagist librenms/librenms prior to 22.2.0.

Cross-site Scripting (XSS) – Generic in Packagist librenms/librenms prior to 22.1.0.

Cross-site Scripting (XSS) – Stored in Packagist librenms/librenms prior to 22.1.0.

The BulletProof Security WordPress plugin before 5.8 does not sanitise and escape some of its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.

The Drag and Drop Multiple File Upload WordPress plugin before 1.3.6.3 allows SVG files to be uploaded by default via the dnd_codedropz_upload AJAX action, which could lead to Stored Cross-Site Scripting issue