DedeCMS 5.7 SP2 allows XSS via the plus/qrcode.php type parameter.
CWE-79
CVE-2018-18579
Reflected XSS exists in DedeCMS 5.7 SP2 via the /member/pm.php folder parameter.
CVE-2018-18517
Citrix NetScaler Gateway 10.5.x before 10.5.69.003, 11.1.x before 11.1.59.004, 12.0.x before 12.0.58.7, and 12.1.x before 12.1.49.1 has XSS.
CVE-2018-18524
Evernote 6.15 on Windows has an incorrectly repaired stored XSS vulnerability. An attacker can use this XSS issue to inject Node.js code under Present mode. After a victim opens an affected note under Present mode, the attacker can read the victim’s files and achieve remote execution command on the victim’s computer.
CVE-2018-18540
TeaKKi 2.7 allows XSS via a crafted onerror attribute for a picture’s URL.
CVE-2018-18545
Fiyo CMS 2.0.7 has XSS via the dapurappsapp_useredit_user.php name parameter.