CVE-2018-8071
Mautic before v2.13.0 has stored XSS via a theme config file.
Source: CVE-2018-8071
CVE-2018-9999
In Zulip Server versions before 1.7.2, there was an XSS issue with user uploads and the (default) LOCAL_UPLOADS_DIR storage backend.
Source: CVE-2018-9999
CVE-2018-5341
An issue was discovered in Zoho ManageEngine Desktop Central 10.0.124 and 10.0.184: a missing server-side check on the file type/extension when uploading and modifying scripts.
Source: CVE-2018-5341
CVE-2018-5338
An issue was discovered in Zoho ManageEngine Desktop Central 10.0.124 and 10.0.184: missing authentication/authorization for a database query mechanism.
Source: CVE-2018-5338
CVE-2018-9990
In Zulip Server versions before 1.7.2, there was an XSS issue with stream names in topic typeahead.
Source: CVE-2018-9990
CVE-2018-9986
In Zulip Server versions before 1.7.2, there were XSS issues with the frontend markdown processor.
Source: CVE-2018-9986
CVE-2018-9987
In Zulip Server versions 1.5.x, 1.6.x, and 1.7.x before 1.7.2, there was an XSS issue with muting notifications.
Source: CVE-2018-9987
CVE-2017-12196
Undertow before versions 1.4.18.SP1, 2.0.2.Final, 1.4.24.Final was found vulnerable when using Digest authentication: the server does not ensure that the value of the URI in the Authorization header matches the URI in the HTTP request line. This allows an attacker to cause a MITM attack and access the desired content on the server.
Source: CVE-2017-12196
CVE-2018-8735
Remote command execution (RCE) vulnerability in Nagios XI 5.2.x through 5.4.x before 5.4.13 allows an attacker to execute arbitrary commands on the target system, aka OS command injection.
Source: CVE-2018-8735
CVE-2018-10193
LogMeIn LastPass through 4.9.1 allows remote attackers to cause a denial of service (browser hang) via an HTML document because the resource consumption of onloadwff.js grows with the number of INPUT elements.
Source: CVE-2018-10193