F-Secure Radar (on-premises) before 2018-02-15 has XSS via vectors involving the Tags parameter in the JSON request body in an outbound request for the /api/latest/vulnerabilityscans/tags/batch resource, aka a “suggested metadata tags for assets” issue.
CWE-79
CVE-2018-6190
Netis WF2419 V3.2.41381 devices allow XSS via the Description field on the MAC Filtering page.
CVE-2018-6193
A Cross-Site Scripting (XSS) vulnerability was found in Routers2 2.24, affecting the ‘rtr’ GET parameter in a page=graph action to cgi-bin/routers2.pl.
CVE-2018-6194
A cross-site scripting (XSS) vulnerability in admin/partials/wp-splashing-admin-sidebar.php in the Splashing Images plugin (wp-splashing-images) before 2.1.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the search parameter to wp-admin/upload.php.
CVE-2018-6145
Insufficient data validation in HTML parser in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to bypass same origin policy via a crafted HTML page.
CVE-2018-6128
Incorrect URL parsing in WebKit in Google Chrome on iOS prior to 67.0.3396.62 allowed a remote attacker to perform domain spoofing via a crafted HTML page.