MODX Revolution through v2.7.0-pl allows XSS via a document resource (such as pagetitle), which is mishandled during an Update action, a Quick Edit action, or the viewing of manager logs.
CWE-79
CVE-2018-20757
MODX Revolution through v2.7.0-pl allows XSS via an extended user field such as Container name or Attribute name.
CVE-2018-20663
The Reporting Addon (aka Reports Addon) through 2019-01-02 for CUBA Platform through 6.10.x has Persistent XSS via the “Reports > Reports” name field.
CVE-2018-20676
In Bootstrap before 3.4.0, XSS is possible in the tooltip data-viewport attribute.
CVE-2018-20677
In Bootstrap before 3.4.0, XSS is possible in the affix configuration target property.
CVE-2018-20680
Frog CMS 0.9.5 has XSS in the admin/?/page/edit/1 body field.