MiniCMS 1.10, when Internet Explorer is used, allows XSS via a crafted URI because $_SERVER[‘REQUEST_URI’] is mishandled.
CWE-79
CVE-2018-17044
In YzmCMS 5.1, stored XSS exists via the admin/system_manage/user_config_add.html title parameter.
CVE-2018-17046
translate man before 2018-08-21 has XSS via containers/outputBox/outputBox.vue and store/index.js.
CVE-2018-17049
CQU-LANKERS through 2017-11-02 has XSS via the public/api.php callback parameter in an uploadpic action.
CVE-2018-17051
K-Net Cisco Configuration Manager through 2014-11-19 has XSS via devices.php.
CVE-2018-17053
Cross-site scripting (XSS) vulnerability in Identity Server in Progress Sitefinity CMS versions 10.0 through 11.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to login request parameters, a different vulnerability than CVE-2018-17054.
