An issue was discovered in FastAdmin V1.0.0.20180417_beta. There is XSS via the applicationapicontrollerUser.php avatar parameter.
CWE-79
CVE-2018-10294
Flexense DiskBoss Enterprise v7.4.28 to v9.1.16 has XSS.
CVE-2018-10296
MiniCMS V1.10 has XSS via the mc-admin/post-edit.php title parameter.
CVE-2018-10297
Discuz! DiscuzX through X3.4 has stored XSS via the portal.php?mod=portalcp&ac=article URI, related to mishandling of IMG elements associated with remote images.
CVE-2018-10298
Discuz! DiscuzX through X3.4 has reflected XSS via forum.php?mod=post&action=newthread because data/template/1_diy_portal_view.tpl.php does not restrict the content.
CVE-2018-10300
Cross-site scripting (XSS) vulnerability in the Web-Dorado Instagram Feed WD plugin before 1.3.1 for WordPress allows remote attackers to inject arbitrary web script or HTML by passing payloads in an Instagram profile’s bio.
