Cross-site scripting (XSS) vulnerability in Zoho ManageEngine EventLog Analyzer 11.12 allows remote attackers to inject arbitrary web script or HTML via the import logs feature.
CWE-79
CVE-2018-10076
An issue was discovered in Zoho ManageEngine EventLog Analyzer 11.12. A Cross-Site Scripting vulnerability allows a remote attacker to inject arbitrary web script or HTML via the search functionality (the search box of the Dashboard).
CVE-2018-10078
Cross-site scripting (XSS) vulnerability in Geist WatchDog Console 3.2.2 allows remote authenticated administrators to inject arbitrary web script or HTML via a server description.
CVE-2018-10091
AudioCodes IP phone 420HD devices using firmware version 2.2.12.126 allow XSS.
CVE-2018-10095
Cross-site scripting (XSS) vulnerability in Dolibarr before 7.0.2 allows remote attackers to inject arbitrary web script or HTML via the foruserlogin parameter to adherents/cartes/carte.php.
CVE-2018-10096
joyplus-cms 1.6.0 has XSS via the device_name parameter in a manager/admin_ajax.php?action=save flag=add request.
