CentOS-WebPanel.com (aka CWP) CentOS Web Panel through 0.9.8.740 allows XSS via the admin/index.php module parameter.
CWE-79
CVE-2018-18775
Microstrategy Web, version 7, does not sufficiently encode user-controlled inputs, resulting in a Cross-Site Scripting (XSS) vulnerability via the Login.asp Msg parameter. NOTE: this is a deprecated product.
CVE-2018-18776
Microstrategy Web, version 7, does not sufficiently encode user-controlled inputs, resulting in a Cross-Site Scripting (XSS) vulnerability via the admin/admin.asp ShowAll parameter. NOTE: this is a deprecated product.
CVE-2018-18781
DedeCMS 5.7 SP2 allows XSS via the /member/uploads_select.php f or keyword parameter.
CVE-2018-18782
Reflected XSS exists in DedeCMS 5.7 SP2 via the /member/myfriend.php ftype parameter.
CVE-2018-18783
XSS was discovered in SEMCMS V3.4 via the semcms_remail.php?type=ok umail parameter.