Fork CMS 5.0.6 allows stored XSS via the private/en/settings facebook_admin_ids parameter (aka “Admin ids” input in the Facebook section).
CWE-79
CVE-2018-20703
CubeCart 6.2.2 has Reflected XSS via a /{ADMIN-FILE}/ query string.
CVE-2018-20627
PHP Scripts Mall Consumer Reviews Script 4.0.3 has HTML injection via the search box.
CVE-2018-20632
PHP Scripts Mall Advance B2B Script 2.1.4 has stored Cross-Site Scripting (XSS) via the FIRST NAME or LAST NAME field.
CVE-2018-20636
PHP Scripts Mall Chartered Accountant : Auditor Website 2.0.1 has HTML injection via the First Name field.
CVE-2018-20639
PHP Scripts Mall Entrepreneur Job Portal Script 3.0.1 has HTML injection via the Search Bar.