An issue was discovered in puppyCMS 5.1. There is an XSS vulnerability via menu.php in the “Add Page/URL” URL link field.
CWE-79
CVE-2018-1585
IBM Rational Rhapsody Design Manager 5.0 through 5.0.2 and 6.0 through 6.0.5 and IBM Rational Software Architect Design Manager 5.0 through 5.0.2 and 6.0 through 6.0.1 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 143498.
CVE-2018-15874
Cross-site scripting (XSS) vulnerability on D-Link DIR-615 routers 20.07 allows an attacker to inject JavaScript into the “Status -> Active Client Table” page via the hostname field in a DHCP request.
CVE-2018-15820
EasyIO EasyIO-30P devices before 2.0.5.27 allow XSS via the dev.htm GDN parameter.
CVE-2018-15713
Nagios XI 5.5.6 allows persistent cross site scripting from remote authenticated attackers via the stored email address in admin/users.php.
CVE-2018-15714
Nagios XI 5.5.6 allows reflected cross site scripting from remote unauthenticated attackers via the oname and oname2 parameters.
