Ogma CMS 0.4 Beta has XSS via the “Footer Text footer” field on the “Theme/Theme Options” screen.
CWE-79
CVE-2018-16381
e107 2.1.8 has XSS via the e107_admin/users.php?mode=main&action=list user_loginname parameter.
CVE-2018-16405
An issue was discovered in Mayan EDMS before 3.0.2. The Appearance app sets window.location directly, leading to XSS.
CVE-2018-16406
An issue was discovered in Mayan EDMS before 3.0.2. The Cabinets app has XSS via a crafted cabinet label.
CVE-2018-16342
ShowDoc v1.8.0 has XSS via a new page.
CVE-2018-16346
ChemCMS 1.0.6 has XSS via the “setting -> website information” field.
