Arbitrary File Upload exists in the Proclaim 9.1.1 component for Joomla! via a mediafileform action.
An issue was discovered on Humax Digital HG100R 2.0.6 devices. There is XSS on the 404 page.
Cross-site scripting (XSS) vulnerability in Plone 3.3.0 through 3.3.6, 4.0.0 through 4.0.10, 4.1.0 through 4.1.6, 4.2.0 through 4.2.7, 4.3.x before 4.3.7, and 5.0rc1.
An issue was discovered in CSS-TRICKS Chat2 through 2015-05-05. The userid parameter in jumpin.php has a SQL injection vulnerability.