From DHS/US-CERT's National Vulnerability Database
Mitigates an XSS issue in NetIQ Access Manager versions prior to 4.4 SP3.
HarfBuzz before 1.0.4 allows remote attackers to cause a denial of service (invalid read of two bytes and application crash) because of GPOS and GSUB table mishandling, related to hb-ot-layout-gpos-table.hh, hb-ot-layout-gsub-table.hh, and hb-ot-layout-gsubgpos-private.hh.
The server in mubu note 2018-11-11 has XSS by configuring an account with a crafted name value (along with an arbitrary username value), and then creating and sharing a note.
Zoho ManageEngine OpManager 12.3 before Build 123223 has XSS via the updateWidget API.