An issue was discovered in the booking-calendar plugin 2.1.7 for WordPress. XSS exists via the wp-admin/admin.php form_field5[label] parameter.
CWE-79
CVE-2018-5681
PrestaShop 1.7.2.4 has XSS via source-code editing on the “Pages > Edit page” screen.
CVE-2018-5687
NewsBee allows XSS via the Company Name field in the Settings under admin/admin.php.
CVE-2018-5688
ILIAS before 5.2.4 has XSS via the cmd parameter to the displayHeader function in setup/classes/class.ilSetupGUI.php in the Setup component.
CVE-2018-5689
Cross-site scripting (XSS) vulnerability in admin/auth.php in Dotclear 2.12.1 allows remote authenticated users to inject arbitrary web script or HTML via the malicious user’s email.
CVE-2018-5690
Cross-site scripting (XSS) vulnerability in admin/users.php in Dotclear 2.12.1 allows remote authenticated users to inject arbitrary web script or HTML via the nb parameter (aka the page limit number).