Micro Focus Solutions Business Manager versions prior to 11.4 can reflect back HTTP header values.
CWE-79
CVE-2018-7681
Micro Focus Solutions Business Manager versions prior to 11.4 allows JavaScript to be embedded in URLs placed in “Favorites” folder. If the user has certain administrative privileges then this vulnerability can impact other users in the system.
CVE-2018-7603
In Drupal’s 3rd party module search auto complete prior to versions 7.x-4.8 there is a Cross Site Scripting vulnerability. This Search Autocomplete module enables you to autocomplete textfield using data from your website (nodes, comments, etc.). The module doesn’t sufficiently filter user-entered text among the autocompletion items leading to a Cross Site Scripting (XSS) vulnerability. This vulnerability can be exploited by any user allowed to create one of the autocompletion item, for instance, nodes, users, comments.
CVE-2018-7636
The URL filtering “continue page” hosted by PAN-OS 8.0.10 and earlier may allow an attacker to inject arbitrary JavaScript or HTML via specially crafted URLs.
CVE-2018-7649
Monitorix before 3.10.1 allows XSS via CGI variables.
CVE-2018-7650
PHP Scripts Mall Hot Scripts Clone:Script Classified Version 3.1 Application is vulnerable to stored XSS within the “Add New” function for a Management User. Within the “Add New” section, the application does not sanitize user supplied input to the name parameter, and renders injected JavaScript code to the user’s browser. This is different from CVE-2018-6878.
