CWE-79

iScripts SonicBB 1.0 has Reflected Cross-Site Scripting via the query parameter to search.php.

iScripts EasyCreate 3.2.1 has Stored Cross-Site Scripting in the “Site title” field.

iScripts EasyCreate 3.2.1 has Stored Cross-Site Scripting in the “Site Description” field.

proberv.php in Yahei-PHP Proberv 0.4.7 has XSS via the funName parameter.

GitLab Community and Enterprise Editions version 8.4 up to 10.4 are vulnerable to XSS because a lack of input validation in the merge request component leads to cross site scripting (specifically, filenames in changes tabs of merge requests). This is fixed in 10.6.3, 10.5.7, and 10.4.7.

GitLab Community and Enterprise Editions version 9.2 up to 10.4 are vulnerable to XSS because a lack of input validation in the milestones component leads to cross site scripting (specifically, data-milestone-id in the milestone dropdown feature). This is fixed in 10.6.3, 10.5.7, and 10.4.7.