An XSS issue was discovered in MyBiz MyProcureNet 5.0.0. This vulnerability within “ProxyPage.aspx” allows an attacker to inject malicious client side scripting which will be executed in the browser of users if they visit the manipulated site.
CWE-79
CVE-2018-11011
ruibaby Halo 0.0.2 has stored XSS via the commentAuthor field to FrontCommentController.java.
CVE-2018-11012
ruibaby Halo 0.0.2 has stored XSS via the loginName and loginPwd parameters in a failed login attempt to AdminController.java.
CVE-2018-11027
A reflected XSS vulnerability on Ruckus ICX7450-48 devices allows remote attackers to inject arbitrary web script or HTML.
CVE-2018-10994
js/views/message_view.js in Open Whisper Signal (aka Signal-Desktop) before 1.10.1 allows XSS via a URL.
CVE-2018-10934
A cross-site scripting (XSS) vulnerability was found in the JBoss Management Console versions before 7.1.6.CR1, 7.1.6.GA. Users with roles that can create objects in the application can exploit this to attack other privileged users.
