Cross-site Scripting
Cnvs Canvas contains a Cross Site Scripting (XSS) vulnerability in User's details that can result in denial of service and execution of javascript code.
Advisories for Composer/Cnvs/Canvas package
2018
2017
Cross-site Scripting
cnvs.io has XSS in the title and content fields of a Posts > Add New action, and during creation of new tags and users.