On the EPSON WF-2750 printer with firmware JP02I2, the Web interface AirPrint Setup page is vulnerable to HTML Injection that can redirect users to malicious sites.
CWE-79
CVE-2018-14904
Samsung Syncthru Web Service V4.05.61 is vulnerable to Multiple unauthenticated XSS attacks on several parameters, as demonstrated by ruiFw_pid.
CVE-2018-14905
The Web server in 3CX version 15.5.8801.3 is vulnerable to Reflected XSS on the api/CallLog TimeZoneName parameter.
CVE-2018-14906
The Web server in 3CX version 15.5.8801.3 is vulnerable to Reflected XSS on all stack traces’ propertyPath parameters.
CVE-2018-14919
LOYTEC LGATE-902 6.3.2 devices allow XSS.
CVE-2018-14922
Multiple cross-site scripting (XSS) vulnerabilities in Monstra CMS 3.0.4 allow remote attackers to inject arbitrary web script or HTML via the (1) first name or (2) last name field in the edit profile page.
