3289 matches found
CVE-2005-1477
The install function in Firefox 1.0.3 allows remote web sites on the browser's whitelist, such as update.mozilla.org or addon.mozilla.org, to execute arbitrary Javascript with chrome privileges, leading to arbitrary code execution on the system when combined with vulnerabilities such as...
CVE-2005-1477
CVE-2005-1477 describes an arbitrary JavaScript execution flaw in Firefox 1.0.3 via the installer’s IconURL handling, enabling code execution with chrome privileges when a trusted extension install site (e.g., update.mozilla.org/addon.mozilla.org) is used, potentially chaining with CVE-2005-1476....
CVE-2005-1476
Firefox 1.0.3 allows remote attackers to execute arbitrary Javascript in other domains by using an IFRAME and causing the browser to navigate to a previous javascript: URL, which can lead to arbitrary code execution when combined with CVE-2005-1477...
CVE-2005-1158
Multiple "missing security checks" in Firefox before 1.0.3 allow remote attackers to inject arbitrary Javascript into privileged pages using the search target of the Firefox sidebar...
CVE-2005-0778
PhotoPost PHP 5.0 RC3 does not fully verify that an uploaded file is an image file, which allows remote attackers to inject arbitrary Javascript by uploading non-image files with an image extension such as .gif...
CVE-2005-1068
Cross-site scripting (XSS) vulnerability in sCssBoard 1.11 and earlier allows remote attackers to execute arbitrary Javascript via url tags...
CVE-2002-1649
Cross-site scripting (XSS) vulnerability in readbody.php in SquirrelMail before 1.2.3 allows remote attackers to execute arbitrary Javascript via a javascript: URL in an IMG tag...
CVE-2004-1712
Technical details about CVE-2004-1712 are not publicly provided in the supplied documents; monitor for updates.
Invision Power Board COLOR SML Tag XSS
According to the version number in its banner, the installation of Invision Power Board on the remote host reportedly does not sufficiently sanitize the 'COLOR' SML tag. A remote attacker may exploit this vulnerability by adding a specially crafted 'COLOR' tag with arbitrary JavaScript to any...
CVE-2004-0705
Multiple cross-site scripting (XSS) vulnerabilities in (1) editcomponents.cgi, (2) editgroups.cgi, (3) editmilestones.cgi, (4) editproducts.cgi, (5) editusers.cgi, and (6) editversions.cgi in Bugzilla 2.16.x before 2.16.6, and 2.18 before 2.18rc1, allow remote attackers to execute arbitrary JavaScript as other...
IMP Content-Type Header XSS
The remote server is running at least one instance of IMP whose version number is between 2.0 and 3.2.3 inclusive. Such versions are vulnerable to a cross-site scripting attack whereby an attacker may be able to cause a victim to unknowingly run arbitrary JavaScript code simply by reading a MIME messa...
CVE-2002-0494
Cross-site scripting vulnerability in WebSight Directory System 0.1 allows remote attackers to execute arbitrary Javascript and gain access to the WebSight administrator via a new link submission containing the script in a website name...
CVE-2002-2178
Cross-site scripting (XSS) vulnerability in article.php module for phpWebSite 0.8.3 allows remote attackers to execute arbitrary Javascript script via the sid parameter, as demonstrated using an IMG tag...
Input Validation Error in vbulletin 2.2.x
Description: VBulletin discussion forum http://www.vbulletin.com does not properly validate the input for HTML tag enabled forums, allowing arbitrary JavaScript code to be run for any access level user. Proof of concept: b onMouseOver="alertdocument.location;"This...
CVE-2002-0475
Cross-site scripting vulnerability in phpBB 1.4.4 and earlier allows remote attackers to execute arbitrary Javascript on web clients by embedding the script within an IMG image tag while editing a message...