The mail message display page in SquirrelMail through 1.4.22 has XSS via a “<math xlink:href=" attack.
CWE-79
CVE-2018-14954
The mail message display page in SquirrelMail through 1.4.22 has XSS via the formaction attribute.
CVE-2018-14955
The mail message display page in SquirrelMail through 1.4.22 has XSS via SVG animations (animate to attribute).
CVE-2018-1496
IBM Content Navigator 2.0.3, 3.0.0, 3.0.1, 3.0.2, and 3.0.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 141219.
CVE-2018-14962
zzcms 8.3 has stored XSS related to the content variable in user/manage.php and zt/show.php.
CVE-2018-14890
Vectra Networks Cognito Brain and Sensor before 4.2 contains a cross-site scripting (XSS) vulnerability in the Web Management Console.
