The web application of the TIBCO Statistica component of TIBCO Software Inc.’s TIBCO Statistica Server contains vulnerabilities which may allow an authenticated user to perform cross-site scripting (XSS) attacks. Affected releases are TIBCO Software Inc.’s TIBCO Statistica Server versions up to and including 13.4.0.
CWE-79
CVE-2018-18733
An XSS issue was discovered in Catfish CMS 4.8.30, related to “write source code,” a similar issue to CVE-2018-13999.
CVE-2018-18736
An XSS issue was discovered in catfish blog 2.0.33, related to “write source code.”
CVE-2018-18738
An XSS issue was discovered in SEMCMS 3.4 via the admin/SEMCMS_Categories.php?pid=1&lgid=1 category_key parameter.
CVE-2018-18739
An XSS issue was discovered in SEMCMS 3.4 via the admin/SEMCMS_Products.php?lgid=1 Keywords field.
CVE-2018-18740
An XSS issue was discovered in SEMCMS 3.4 via the first input field to the admin/SEMCMS_Link.php?lgid=1 URI.