CVEs affecting projects tracked on Release Alert, from NVD & OSV.
_core/admin/pages/add/ in Subrion CMS 4.2.1 has XSS via the titles[en] parameter.