admindbDoSql.php in EmpireCMS through 7.5 allows XSS via crafted SQL syntax to admin/admin.php.
CWE-79
CVE-2018-19464
Discuz! X3.4 allows XSS via admin.php because admincp/admincp_setting.php and templatedefaultcommonfooter.htm mishandles statcode field from third-party stats code.
CVE-2018-19465
Maccms through 8.0 allows XSS via the site_keywords field to index.php?m=system-config because of tpl/module/system.php and tpl/html/system_config.html, related to template/paody/html/vod_index.html.
CVE-2018-19469
ArticleCMS through 2017-02-19 has XSS via the /update_personal_infomation realname or email parameter.
CVE-2018-1947
IBM Security Identity Governance and Intelligence 5.2 through 5.2.4.1 Virtual Appliance is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 153427.
CVE-2018-19394
Cobham Satcom Sailor 800 and 900 devices contained persistent XSS, which required administrative access to exploit. The vulnerability was exploitable by acquiring a copy of the device’s configuration file, inserting an XSS payload into a relevant field (e.g., Satellite name), and then restoring the malicious configuration file.