Hoosk v1.7.0 allows XSS via the Navigation Title of a new page entered at admin/pages/new.
CWE-79
CVE-2018-16773
EasyCMS 1.5 allows XSS via the index.php?s=/admin/fields/update/navTabId/listfields/callbackType/closeCurrent content field.
CVE-2018-16775
An issue was discovered in Victor CMS through 2018-05-10. There is XSS via the site name in the “Categories” menu.
CVE-2018-16776
wityCMS 0.6.2 has XSS via the “Site Name” field found in the “Contact” “Configuration” page.
CVE-2018-16778
Cross-site scripting (XSS) vulnerability in Jenzabar v8.2.1 through 9.2.0 allows remote attackers to inject arbitrary web script or HTML via the query parameter (aka the Search Field).
CVE-2018-16779
BlogCMS through 2016-10-25 has XSS via a comment.
