Cross Site Scripting Exposure in McAfee True Key (TK) 4.0.0.0 and earlier allows local users to expose confidential data via a crafted web site.
CWE-79
CVE-2018-6603
Promise Technology WebPam Pro-E devices allow remote attackers to conduct XSS, HTTP Response Splitting, and CRLF Injection attacks via JavaScript code in a PHPSESSID cookie.
CVE-2018-6561
dijit.Editor in Dojo Toolkit 1.13 allows XSS via the onload attribute of an SVG element.
CVE-2018-6586
CA API Developer Portal 3.5 up to and including 3.5 CR6 has a stored cross-site scripting vulnerability related to profile picture processing.
CVE-2018-6587
CA API Developer Portal 3.5 up to and including 3.5 CR6 has a reflected cross-site scripting vulnerability related to the widgetID variable.
CVE-2018-6588
CA API Developer Portal 3.5 up to and including 3.5 CR5 has a reflected cross-site scripting vulnerability related to the apiExplorer.