From DHS/US-CERT's National Vulnerability Database
GitLab Community and Enterprise Edition before 10.7.7, 10.8.x before 10.8.6, and 11.x before 11.0.4 allows Directory Traversal with write access and resultant remote code execution via the GitLab projects import component.
An issue was discovered in WonderCMS before 2.5.2. An attacker can create a new session on a web application and record the associated session identifier. The attacker then causes the victim to authenticate against the server using the same session identifier. The attacker can access the user's acco...
joyplus-cms 1.6.0 has XSS via the manager/admin_ajax.php can_search_device array parameter.
joyplus-cms 1.6.0 has SQL Injection via the manager/admin_ajax.php val parameter.
JEESNS through 1.2.1 allows XSS attacks by ordinary users who publish articles containing a crafted payload in order to capture an administrator cookie.