There is a Cross-Site Scripting Vulnerability in Citrix XenMobile Server 10.7 before RP3.
CWE-79
CVE-2018-10665
ILIAS 5.3.4 has XSS through unsanitized output of PHP_SELF, related to shib_logout.php and third-party demo files.
CVE-2018-10609
Martem TELEM GW6 and GWM devices with firmware 2018.04.18-linux_4-01-601cb47 and prior allow improper sanitization of data over a Websocket which may allow cross-site scripting and client-side code execution with target user privileges.
CVE-2018-10563
An XSS in Flexense SyncBreeze affects all versions (tested from SyncBreeze Enterprise from v10.1 to v10.7).
CVE-2018-10564
XSS exists in Flexense DiskPulse Enterprise from v10.4 to v10.7.
CVE-2018-10565
XSS exists in Flexense DiskSavvy Enterprise from v10.4 to v10.7.
