No-CMS 1.1.3 is prone to Persistent XSS via the blog/manage_article/index/ “article_title” parameter.
CWE-79
CVE-2018-19902
No-CMS 1.1.3 is prone to Persistent XSS via the blog/manage_article “keyword” parameter.
CVE-2018-19903
Persistent XSS exists in XSLT CMS via the create/?action=items.edit&type=Page title field.
CVE-2018-19904
Persistent XSS exists in XSLT CMS via the create/?action=items.edit&type=Page “body” field.
CVE-2018-19905
HTML injection exists in razorCMS 3.4.8 via the /#/page keywords parameter.
CVE-2018-19906
Stored XSS exists in razorCMS 3.4.8 via the /#/page description parameter.