An issue was discovered in WUZHI CMS 4.1.0. The content-management feature has Stored XSS via the title or content section.
CWE-79
CVE-2018-10368
An issue was discovered in WUZHI CMS 4.1.0. The “Extension Module -> System Announcement” feature has Stored XSS via an announcement.
CVE-2018-10369
A Cross-site scripting (XSS) vulnerability was discovered on Intelbras Win 240 V1.1.0 devices. An attacker can change the Admin Password without a Login.
CVE-2018-10371
An issue was discovered in the wunderfarm WF Cookie Consent plugin 1.1.3 for WordPress. A persistent cross-site scripting vulnerability has been identified in the web interface of the plugin that allows the execution of arbitrary HTML/script code to be executed in a victim’s web browser via a page title.
CVE-2018-10374
EasyCMS 1.3 has XSS via the s POST parameter (aka a search box value) in an index.php?s=/index/search/index.html request.
CVE-2018-10379
An issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) before 10.5.8, 10.6.x before 10.6.5, and 10.7.x before 10.7.2. The Move Issue feature contained a persistent XSS vulnerability.
