PHP Scripts Mall Olx Clone 3.4.2 has XSS.
CWE-79
CVE-2018-16327
There is Stored XSS in Subrion 4.2.1 via the admin panel URL configuration.
CVE-2018-16330
Pandao Editor.md 1.5.0 allows XSS via crafted attributes of an invalid IMG element.
CVE-2018-16256
** DISPUTED ** There is an XSS vulnerability in WP All Import plugin 3.4.9 for WordPress via Add Filtering Options(Add Rule). NOTE: The vendor states that this is not a vulnerability. WP All Import is only able to be used by a logged in administrator, and the action described can only be taken advantage of by a logged in administrator.
CVE-2018-16257
** DISPUTED ** There are multiple XSS vulnerabilities in WP All Import plugin 3.4.9 for WordPress via action=template. NOTE: The vendor states that this is not a vulnerability. WP All Import is only able to be used by a logged in administrator, and the action described can only be taken advantage of by a logged in administrator.
CVE-2018-16258
** DISPUTED ** There is an XSS vulnerability in WP All Import plugin 3.4.9 for WordPress via pmxi-admin-import custom_type. NOTE: The vendor states that this is not a vulnerability. WP All Import is only able to be used by a logged in administrator, and the action described can only be taken advantage of by a logged in administrator.
