An XSS combined with CSRF vulnerability discovered in SalesAgility SuiteCRM 7.x before 7.8.24 and 7.10.x before 7.10.11 leads to cookie stealing, aka session hijacking. This issue affects the “add dashboard pages” feature where users can receive a malicious attack through a phished URL, with script executed.
CWE-79
CVE-2018-20824
The WallboardServlet resource in Jira before version 7.13.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the cyclePeriod parameter.
CVE-2018-20827
The activity stream gadget in Jira before version 7.13.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the country parameter.
CVE-2018-20837
include/admin/Menu/Ajax.php in Typesetter 5.1 has index.php/Admin/Menu/Ajax?cmd=AddHidden title XSS.
CVE-2018-20758
MODX Revolution through v2.7.0-pl allows XSS via User Settings such as Description.
CVE-2018-20774
Frog CMS 0.9.5 has XSS via the admin/?/layout/edit/1 Body field.