login.php in Adiscon LogAnalyzer before 4.1.7 has XSS via the Login Button Referer field.
CWE-79
CVE-2018-19892
DomainMOD through 4.11.01 has XSS via the admin/dw/add-server.php DisplayName, HostName, or UserName field.
CVE-2018-19816
Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (build 51029). The page “/VPortal/mgtconsole/categorytree/ChooseCategory.jsp” has reflected XSS via the ConnPoolName parameter.
CVE-2018-19817
Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (build 51029). The page “/VPortal/mgtconsole/AdminAuthorisationFrame.jsp” has reflected XSS via the ConnPoolName or GroupId parameter.
CVE-2018-19818
Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (build 51029). The page “/VPortal/mgtconsole/Contacts.jsp” has reflected XSS via the ConnPoolName parameter.
CVE-2018-19819
Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (build 51029). The page “/VPortal/mgtconsole/Rights.jsp” has reflected XSS via the ConnPoolName parameter.