CWE-79

Cross-site Scripting (XSS) – Stored in GitHub repository vanessa219/vditor prior to 3.8.12.

The XML Sitemap Generator for Google WordPress plugin before 2.0.4 does not validate a parameter which can be set to an arbitrary value, thus causing XSS via error message or RCE if allow_url_include is turned on.

The LoginPress | Custom Login Page Customizer WordPress plugin before 1.5.12 does not escape the redirect-page parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting

Cross-site Scripting (XSS) – Stored in Packagist pimcore/pimcore prior to 10.2.

Cross-site Scripting (XSS) – Stored in GitHub repository vanessa219/vditor prior to 3.8.13.

Cross-site Scripting (XSS) – Reflected in Pypi calibreweb prior to 0.6.16.