A vulnerability in the conferencing component of Mitel ST 14.2, versions GA29 (19.49.9400.0) and earlier, could allow an unauthenticated attacker to conduct a reflected cross-site scripting (XSS) attack due to insufficient validation for the signin.php page. A successful exploit could allow an attacker to execute arbitrary scripts.
CWE-79
CVE-2018-12902
In Easy Magazine through 2012-10-26, there is XSS in the search bar of the web site.
CVE-2018-12903
In CyberArk Endpoint Privilege Manager (formerly Viewfinity) 10.2.1.603, there is persistent XSS via an account name on the create token screen, the VfManager.asmx SelectAccounts->DisplayName screen, a user’s groups in ConfigurationPage, the Dialog Title field, and App Group Name in the Application Group Wizard.
CVE-2018-12905
joyplus-cms 1.6.0 has XSS in admin_player.php, related to manager/index.php “system manage” and “add” actions.
CVE-2018-12919
In CraftedWeb through 2013-09-24, aasp_includes/pages/notice.php allows XSS via the e parameter.
CVE-2018-12806
Adobe Experience Manager versions 6.4, 6.3, 6.2, 6.1, and 6.0 have a reflected cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure.
