CVEs affecting projects tracked on Release Alert, from NVD & OSV.
Subrion CMS v4.2.1 allows XSS via the panel/phrases/ VALUE parameter.