DomainMOD through 4.11.01 has XSS via the assets/add/registrar-accounts.php UserName, Reseller ID, or notes field.
CWE-79
CVE-2018-19914
DomainMOD through 4.11.01 has XSS via the assets/add/dns.php Profile Name or notes field.
CVE-2018-19915
DomainMOD through 4.11.01 has XSS via the assets/edit/host.php Web Host Name or Web Host URL field.
CVE-2018-19917
Microweber 1.0.8 has reflected cross-site scripting (XSS) vulnerabilities.
CVE-2018-19918
CuppaCMS has XSS via an SVG document uploaded to the administrator/#/component/table_manager/view/cu_views URI.
CVE-2018-19919
Pixelimity 1.0 has Persistent XSS via the admin/portfolio.php data[title] parameter, as demonstrated by a crafted onload attribute of an SVG element.