Contao before 4.5.7 has XSS in the system log.
CWE-79
CVE-2018-10128
An issue was discovered in XYHCMS 3.5. It has XSS via the test parameter to index.php.
CVE-2018-10060
Cacti before 1.1.37 has XSS because it does not properly reject unintended characters, related to use of the sanitize_uri function in lib/functions.php.
CVE-2018-10061
Cacti before 1.1.37 has XSS because it makes certain htmlspecialchars calls without the ENT_QUOTES flag (these calls occur when the html_escape function in lib/html.php is not used).
CVE-2018-10068
The jDownloads extension before 3.2.59 for Joomla! has XSS.
CVE-2018-10073
joyplus-cms 1.6.0 has XSS in manager/admin_vod.php via the keyword parameter.
