index.php/Admin/Uploaded in Typesetter 5.1 allows XSS via an SVG file with JavaScript in a SCRIPT element.
CWE-79
CVE-2018-16626
index.php/Admin/Classes in Typesetter 5.1 allows XSS via the description of a new class name.
CVE-2018-16628
panel/login in Kirby v2.5.12 allows XSS via a blog name.
CVE-2018-16629
panel/uploads/#elf_l1_XA in Subrion CMS v4.2.1 allows XSS via an SVG file with JavaScript in a SCRIPT element.
CVE-2018-16630
Kirby v2.5.12 allows XSS by using the “site files” Add option to upload an SVG file.
CVE-2018-16631
Subrion CMS v4.2.1 allows XSS via the panel/configuration/general/ SITE TITLE parameter.
