The page module in TYPO3 before 8.7.11, and 9.1.0, has XSS via $GLOBALS['TYPO3_CONF_VARS']['SYS']['sitename'], as demonstrated by an admin entering a crafted site name during the installation process.
CWE-79
CVE-2018-6906
A persistent Cross Site Scripting (XSS) vulnerability in the Green Electronics RainMachine Mini-8 (2nd Generation) and Touch HD 12 web application allows an attacker to inject arbitrary JavaScript via the REST API.
CVE-2018-6845
PHP Scripts Mall Multi Language Olx Clone Script 2.0.6 has XSS via the Leave Comment field.
CVE-2018-6858
Cross Site Scripting (XSS) exists in PHP Scripts Mall Facebook Clone Script.
CVE-2018-6861
Cross Site Scripting (XSS) exists in PHP Scripts Mall Lawyer Search Script 1.0.2 via a profile update parameter.
CVE-2018-6862
Cross Site Scripting (XSS) exists in PHP Scripts Mall Bitcoin MLM Software 1.0.2 via a profile field.