ILIAS before 5.1.26, 5.2.x before 5.2.15, and 5.3.x before 5.3.4, due to inconsistencies in parameter handling, is vulnerable to various instances of reflected cross-site-scripting.
CWE-79
CVE-2018-10430
An issue was discovered in DiliCMS (aka DiligentCMS) 2.4.0. There is a Stored XSS Vulnerability in the fourth textbox of “System setting->site setting” of admin/index.php.
CVE-2018-1045
In Moodle 3.x, there is XSS via a calendar event name.
CVE-2018-10364
BigTree before 4.2.22 has XSS in the Users management page via the name or company field.
CVE-2018-10365
An XSS issue was discovered in the Threads to Link plugin 1.3 for MyBB. When editing a thread, the user is given the option to convert the thread to a link. The thread link input box is not properly sanitized.
CVE-2018-10366
An issue was discovered in the Users (aka Front-end user management) plugin 1.4.5 for October CMS. XSS exists in the name field.
