VMware vRealize Automation (vRA) prior to 7.3.1 contains a vulnerability that may allow for a DOM-based cross-site scripting (XSS) attack. Exploitation of this issue may lead to the compromise of the vRA user’s workstation.
CWE-79
CVE-2018-6890
Cross-site scripting (XSS) vulnerability in Wolf CMS 0.8.3.1 via the page editing feature, as demonstrated by /?/admin/page/edit/3.
CVE-2018-6891
Bookly #1 WordPress Booking Plugin Lite before 14.5 has XSS via a jQuery.ajax request to ng-payment_details_dialog.js.
CVE-2018-6900
PHP Scripts Mall Website Broker Script 3.0.6 has XSS via the Last Name field on the My Profile page.
CVE-2018-6902
PHP Scripts Mall Image Sharing Script 1.3.3 has XSS via the Full Name field in an Edit Profile action.
CVE-2018-6904
PHP Scripts Mall Car Rental Script 2.0.8 has XSS via the User Name field in an Edit Profile action.