CWE-79

Cross-site Scripting (XSS) – Stored in Packagist getgrav/grav prior to 1.7.28.

The LearnPress WordPress plugin before 4.1.6 does not sanitise and escape the lp-dismiss-notice before outputting it back via the lp_background_single_email AJAX action, leading to a Reflected Cross-Site Scripting

Cross-site Scripting (XSS) – Stored in NuGet OrchardCore.Application.Cms.Targets prior to 1.2.2.

Cross-site Scripting (XSS) – Stored in Packagist microweber/microweber prior to 1.2.11.

Cross-site Scripting (XSS) – Stored in Packagist pimcore/pimcore prior to 10.2.9.

The Ad Inserter WordPress plugin before 2.7.10, Ad Inserter Pro WordPress plugin before 2.7.10 do not sanitise and escape the html_element_selection parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting