An issue was discovered in Gleez CMS v1.2.0. There is XSS via media/imagecache/resize.
CWE-79
CVE-2018-16348
SeaCMS V6.61 has XSS via the admin_video.php v_content parameter, related to the site name.
CVE-2018-16349
WUZHI CMS 4.1.0 has XSS via the index.php?m=link&f=index&v=add form[remark] parameter.
CVE-2018-16350
WUZHI CMS 4.1.0 has XSS via the index.php?m=core&f=set&v=basic form[statcode] parameter.
CVE-2018-16358
A cross-site scripting (XSS) vulnerability in inc/core/class.dc.core.php in the media manager in Dotclear through 2.14.1 allows remote authenticated users to upload HTML content containing an XSS payload with the file extension .ahtml.
CVE-2018-16361
An issue was discovered in BTITeam XBTIT 2.5.4. news.php allows XSS via the id parameter.
