Cross-site scripting (XSS) vulnerability in Plone 3.3.0 through 3.3.6, 4.0.0 through 4.0.10, 4.1.0 through 4.1.6, 4.2.0 through 4.2.7, 4.3.x before 4.3.7, and 5.0rc1.
An issue was discovered in CSS-TRICKS Chat2 through 2015-05-05. The userid parameter in jumpin.php has a SQL injection vulnerability.
An issue was discovered on Humax Digital HG100R 2.0.6 devices. There is XSS on the 404 page.
Arbitrary File Upload exists in the Proclaim 9.1.1 component for Joomla! via a mediafileform action.