CWE-79

The front page of MetInfo 6.0 allows XSS by sending a feedback message to an administrator.

In Zulip Server versions before 1.7.2, there were XSS issues with the frontend markdown processor.

In Zulip Server versions 1.5.x, 1.6.x, and 1.7.x before 1.7.2, there was an XSS issue with muting notifications.

In Zulip Server versions before 1.7.2, there was an XSS issue with stream names in topic typeahead.

Frog CMS 0.9.5 has XSS via the /admin/?/user/add Name or Username parameter.

Frog CMS 0.9.5 has XSS via the name field of a new “File” or “Directory” on the admin/?/plugin/file_manager/browse/ screen.