A CWE-427:Uncontrolled Search Path Element vulnerability exists in MSX Configurator (Software Version prior to V188.8.131.52), which could cause privilege escalation when injecting a malicious DLL.
Cross-site scripting (XSS) vulnerability in the Create Employee feature in Hybris Management Console (HMC) in SAP Hybris before 184.108.40.206, 5.1.0.x before 220.127.116.11, 5.1.1.x before 18.104.22.168, 5.2.0.x and 5.3.0.x before 22.214.171.124, 5.4.x before 126.96.36.199, 5.5.0.x before 188.8.131.52, 5.5.1.x before 184.108.40.206, 5.6.x before 220.127.116.11, and 5.7.x before 18.104.22.168 allows remote authenticated users to inject arbitrary web script or HTML via the Name field.
Cross Site Scripting (XSS) exists in PHP Scripts Mall Facebook Clone Script.
Hotels Styx through 1.0.0.beta8 allows HTTP response splitting due to CRLF Injection. This is exploitable if untrusted user input can appear in a response header.