An issue was discovered on D-Link Central WiFi Manager before v 1.03r0100-Beta1. The ‘username’ parameter of the addUser endpoint is vulnerable to stored XSS.
CWE-79
CVE-2018-17443
An issue was discovered on D-Link Central WiFi Manager before v 1.03r0100-Beta1. The ‘sitename’ parameter of the UpdateSite endpoint is vulnerable to stored XSS.
CVE-2018-17413
XSS exists in zzcms v8.3 via the /uploadimg_form.php noshuiyin parameter.
CVE-2018-17421
An issue was discovered in ZrLog 2.0.3. There is stored XSS in the file upload area via a crafted attached/file/ pathname.
CVE-2018-17423
An issue was discovered in e107 v2.1.9. There is a XSS attack on e107_admin/comment.php.
CVE-2018-17425
WUZHI CMS 4.1.0 has stored XSS via the “Membership Center” “I want to ask” “detailed description” field under the index.php?m=member URI.