7602 matches found
CVE-2004-0319
Cross-site scripting (XSS) vulnerability in the font tag in ezBoard 7.3u allows remote attackers to execute arbitrary script as other users, as demonstrated using the background:url in a (1) font color or (2) font face argument...
CVE-2004-0254
Cross-site scripting (XSS) vulnerability in Discuz! Board 2.x and 3.x allows remote attackers to execute arbitrary script as other users via an img tag...
CVE-2004-0359
Cross-site scripting (XSS) vulnerability in index.php for Invision Power Board 1.3 final allows remote attackers to execute arbitrary script as other users via the (1) c, (2) f, (3) showtopic, (4) showuser, or (5) username parameters...
TIPS MailPost 5.1.1 - APPEND Cross-Site Scripting
source: https://www.securityfocus.com/bid/11596/info MailPost is reported prone to a cross-site scripting vulnerability. This issue presents itself due to insufficient sanitization of user-supplied data and can allow an attacker to execute arbitra...
TIPS MailPost 5.1.1 - Error Message Cross-Site Scripting
source: https://www.securityfocus.com/bid/11598/info MailPost is reported prone to a cross-site scripting vulnerability. This issue presents itself due to insufficient sanitization of user-supplied data and can allow an attacker to execute arbitrary HTML and script code in a user's browser throug...
CVE-2004-1599
Cross-site scripting (XSS) vulnerability in index.php in CoolPHP 1.0-stable allows remote attackers to execute arbitrary web script or HTML via the (1) query or (2) nick parameters...
BlackBoard Internet NewsBoard System 1.5.1 - Remote File Inclusion
source: https://www.securityfocus.com/bid/11336/info BlackBoard Internet Newsboard System is reported prone to a remote file include vulnerability. This issue presents itself because the application fails to sanitize user-supplied data properly. This issue may allow an attacker to include malicio...
Debian DSA-246-1 : tomcat - information exposure, XSS
The developers of tomcat discovered several problems in tomcat version 3.x. The Common Vulnerabilities and Exposures project identifies the following problems : - CAN-2003-0042: A maliciously crafted request could return a directory listing even when an index.html, index.jsp, or other welcome fil...
CVE-2004-1665
Cross-site scripting (XSS) vulnerability in index.php in PsNews 1.1 allows remote attackers to inject arbitrary web script or HTML via the no parameter...
CVE-2004-0347
Cross-site scripting (XSS) vulnerability in delhomepage.cgi in NetScreen-SA 5000 Series running firmware 3.3 Patch 1 build 4797 allows remote authenticated users to execute arbitrary script as other users via the row parameter...
CVE-2002-1494
Cross-site scripting (XSS) vulnerabilities in Aestiva HTML/OS allow remote attackers to insert arbitrary HTML or script by inserting the script after a trailing / character, which inserts the script into the resulting error message...
GLSA-200406-08 : Squirrelmail: Another XSS vulnerability
The remote host is affected by the vulnerability described in GLSA-200406-08 (Squirrelmail: Another XSS vulnerability). A new cross-site scripting (XSS) vulnerability in Squirrelmail-1.4.3rc1 has been discovered. In functions/mime.php Squirrelmail fails to properly sanitize user input. Impact : By...
Nagl XOOPS Dictionary Module 1.0 - Multiple Cross-Site Scripting Vulnerabilities
source: https://www.securityfocus.com/bid/11064/info Reportedly the XOOPS Dictionary Module by Nagle is affected by multiple cross-site scripting vulnerabilities. This issue is due to a failure of the application to properly sanitize user-supplied URI input. As a result of this issue and attacker...
Powie's PSCRIPT Forum fails to filter user posts
Overview Powie's PSCRIPT Forum fails to properly sanitize user input, which allows an attacker to create a user profile that can execute arbitrary scripts in a victim's web browser when the victim views the profile. Description Powie's PSCRIPT Forum is an online forum application written in PHP...
Hosting Controller Multiple Script Arbitrary Directory Browsing
Binary data 1692.prm...
Mozilla Thunderbird < 2.0.0.22 Multiple Vulnerabilities
Binary data 5001.prm...
CVE-2004-0584
Unknown vulnerability in Horde IMP 3.2.3 and earlier, before a "security fix," does not properly validate input, which allows remote attackers to execute arbitrary script as other users via script or HTML in an e-mail message, possibly triggering a cross-site scripting (XSS) vulnerability...
CVE-2004-0663
Cross-site scripting (XSS) vulnerability in modules.php in PowerPortal 1.x allows remote attackers to inject arbitrary script or HTML via the (1) id parameter to the (a) privatemessages module; (2) search parameter to the (b) links and (c) content modules; and (3) files parameter to the gallery module...
DSA-535 squirrelmail - several vulnerabilities
Bulletin has no description...
CVE-2004-0726
The CVE-2004-0726 entry concerns the Windows Media Player control in Microsoft Windows 2000. Affected component: Windows Media Player control. Vulnerability: remote attackers can cause JavaScript in an ASX filename to be executed within the local computer zone, specifically in a preview panel, le...