app/webroot/js/misp.js in MISP 2.4.91 has a DOM based XSS with cortex type attributes.
CWE-79
CVE-2018-11198
An issue was discovered in Mautic 2.13.1. There is Stored XSS via the authorUrl field in config.json.
CVE-2018-11200
An issue was discovered in Mautic 2.13.1. It has Stored XSS via the company name field.
CVE-2018-11208
** DISPUTED ** An issue was discovered in Z-BlogPHP 2.0.0. There is a persistent XSS that allows remote attackers to inject arbitrary web script or HTML into background web site settings via the “copyright information office” field. NOTE: the vendor indicates that the product was not intended to block this type of XSS by a user with the admin privilege.
CVE-2018-11223
XSS in Artica Pandora FMS before 7.0 NG 723 allows an attacker to execute arbitrary code via a crafted “refr” parameter in a “/pandora_console/index.php?sec=estado&sec2=operation/agentes/estado_agente&refr=” call.
CVE-2018-11227
Monstra CMS 3.0.4 and earlier has XSS via index.php.
