The Snazzy Maps plugin before 1.1.5 for WordPress has XSS via the text or tab parameter.
CWE-79
CVE-2018-17949
Cross site scripting vulnerability in iManager prior to 3.1 SP2.
CVE-2018-1795
IBM Robotic Process Automation with Automation Anywhere Enterprise 10 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 149073.
CVE-2018-17952
Cross site scripting vulnerability in eDirectory prior to 9.1 SP2
CVE-2018-17960
CKEditor 4.x before 4.11.0 allows user-assisted XSS involving a source-mode paste.
CVE-2018-17964
Aryanic HighPortal 12.5 has XSS via an Add Tags action.