IBM Rational Team Concert 5.0 through 6.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 148615.
CWE-79
CVE-2018-17533
Teltonika RUT9XX routers with firmware before 00.05.01.1 are prone to cross-site scripting vulnerabilities in hotspotlogin.cgi due to insufficient user input sanitization.
CVE-2018-17556
MODX Revolution v2.6.5-pl allows stored XSS via a Create New Media Source action.
CVE-2018-17560
The admin interface of the Grouptime Teamwire Client 1.5.1 prior to 1.9.0 on-premises messenger server allows stored XSS. All backend versions prior to prod-2018-11-13-15-00-42 are affected.
CVE-2018-17571
Vanilla before 2.6.1 allows XSS via the email field of a profile.
CVE-2018-17572
InfluxDB 0.9.5 has Reflected XSS in the Write Data module.