Advisto PEEL SHOPPING 9.0.0 has CSRF via en/achat/caddie_ajout.php and en/achat/caddie_affichage.php, as demonstrated by an XSS payload in the couleurId[0] parameter to the latter.
CWE-79
CVE-2018-20849
Arastta eCommerce 1.6.2 is vulnerable to XSS via the PATH_INFO to the login/ URI.
CVE-2018-20850
Stormshield Network Security 2.0.0 through 2.13.0 and 3.0.0 through 3.7.1 has self-XSS in the command line interface of the SNS web server.
CVE-2018-20858
Recommender before 2018-07-18 allows XSS.
CVE-2018-20859
edx-platform before 2018-07-18 allows XSS via a response to a Chemical Equation advanced problem.
CVE-2018-20865
cPanel before 76.0.8 has Self XSS in the WHM Additional Backup Destination field (SEC-459).