Cross-site scripting (XSS) vulnerability in the ZmMailMsgView.getAttachmentLinkHtml function in Zimbra Collaboration Suite (ZCS) before 8.7 Patch 1 and 8.8.x before 8.8.7 might allow remote attackers to inject arbitrary web script or HTML via a Content-Location header in an email attachment.
CWE-79
CVE-2018-6796
PHP Scripts Mall Multilanguage Real Estate MLM Script 3.0 has Stored XSS via every profile input field.
CVE-2018-6811
Multiple cross-site scripting (XSS) vulnerabilities in Citrix NetScaler ADC 10.5, 11.0, 11.1, and 12.0, and NetScaler Gateway 10.5, 11.0, 11.1, and 12.0 allow remote attackers to inject arbitrary web script or HTML via the Citrix NetScaler interface.
CVE-2018-6824
Cozy version 2 has XSS allowing remote attackers to obtain administrative access via JavaScript code in the url parameter to the /api/proxy URI, as demonstrated by an XMLHttpRequest call with an ’email:”attacker@example.com”‘ request, which can be followed by a password reset.
CVE-2018-6834
static/js/pad_utils.js in Etherpad Lite before v1.6.3 has XSS via window.location.href.
CVE-2018-6842
Kentico 10 before 10.0.50 and 11 before 11.0.3 has XSS in which a crafted URL results in improper construction of a system page.