GitLab EE version 11.5 has a persistent XSS vulnerability in the Operations page. This is fixed in 11.5.1.
CWE-79
CVE-2018-19596
Zurmo 3.2.4 allows HTML Injection via an admin’s use of HTML in the report section, a related issue to CVE-2018-19506.
CVE-2018-19597
CMS Made Simple 2.2.8 allows XSS via an uploaded SVG document, a related issue to CVE-2017-16798.
CVE-2018-19598
Statamic 2.10.3 allows XSS via First Name or Last Name to the /users URI in an ‘Add new user’ request.
CVE-2018-19525
An issue was discovered on Systrome ISG-600C, ISG-600H, and ISG-800W 1.1-R2.1_TRUNK-20180914.bin devices. There is CSRF via /ui/?g=obj_keywords_add and /ui/?g=obj_keywords_addsave with resultant XSS because of a lack of CSRF token validation.
CVE-2018-19527
i4 assistant 7.85 allows XSS via a crafted machine name field within iOS settings.