feindura 2.0.7 allows XSS via the tags field of a new page created at index.php?category=0&page=new.
CWE-79
CVE-2018-16729
Pluck 4.7.7 allows XSS via an SVG file that contains Javascript in a SCRIPT element, and is uploaded via pages->manage under admin.php?action=files.
CVE-2018-1673
IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 145108.
CVE-2018-16730
uploadpluginssysInstall.php in CScms 4.1 has XSS via the site name.
CVE-2018-16736
In the rcfilters plugin 2.1.6 for Roundcube, XSS exists via the _whatfilter and _messages parameters (in the Filters section of the settings).
CVE-2018-16653
rejucms 2.1 has XSS via the ucenter/cms_user_add.php u_name parameter.
