ArticleCMS through 2017-02-19 has XSS via an “add an article” action.
CWE-79
CVE-2018-12353
Knowage (formerly SpagoBI) 6.1.1 allows XSS via the name field to the “Business Model’s Catalogue” catalogue.
CVE-2018-12355
Knowage (formerly SpagoBI) 6.1.1 allows XSS via the name or description field to the “Olap Schemas’ Catalogue” catalogue.
CVE-2018-12297
Cross-site scripting in API error pages in Seagate NAS OS version 4.3.15.1 allows attackers to execute JavaScript via URL path names.
CVE-2018-12299
Cross-site scripting in filebrowser in Seagate NAS OS version 4.3.15.1 allows attackers to execute JavaScript via uploaded file names.
CVE-2018-12302
Missing HTTPOnly flag on session cookies in the Seagate NAS OS version 4.3.15.1 web application allows attackers to steal session tokens via cross-site scripting.
