7602 matches found
CVE-2002-0187
Cross-site scripting vulnerability in the SQLXML component of Microsoft SQL Server 2000 allows an attacker to execute arbitrary script via the root parameter as part of an XML SQL query, aka "Script Injection via XML Tag."...
CVE-2002-0733
Cross-site scripting vulnerability in thttpd 2.20 and earlier allows remote attackers to execute arbitrary script via a URL to a nonexistent page, which causes thttpd to insert the script into a 404 error message...
CVE-2002-0329
Cross-site scripting vulnerability in Snitz Forums 2000 3.3.03 and earlier allows remote attackers to execute arbitrary script as other Forums 2000 users via Javascript in an IMG tag...
CVE-2002-0989
CVE-2002-0989 affects Gaim prior to 0.59.1. The vulnerability lies in the URL handler of the manual browser option, where a crafted link containing shell metacharacters can lead to remote command execution. References from Red Hat, Debian, Mandrake, and Red Hat advisories indicate updating to 0.5...
CVE-2002-1529
Cross-site scripting (XSS) vulnerability in msgError.asp for the administrative web interface (STEMWADM) for SurfControl SuperScout Email Filter allows remote attackers to insert arbitrary script or HTML via the Reason parameter...
Nuked-Klan index.php Multiple Module Vulnerabilities
The instance of Nuked-klan running on the remote web server is affected by multiple vulnerabilities due to a failure to sanitize user-supplied input to several parameters before using them in the 'Team', 'News', and 'Liens' modules to display dynamic HTML. An unauthenticated, remote attacker can...
CVE-2002-1533
Cross-site scripting (XSS) vulnerability in Jetty JSP servlet engine allows remote attackers to insert arbitrary HTML or script via an HTTP request to a .jsp file whose name contains the malicious script and some encoded linefeed characters (%0a)...
Microsoft Windows Me and XP Help and Support Center does not adequately validate hcp:// URI parameters
The Help and Support Center included with Microsoft Windows Millennium Edition and XP does not adequately validate parameters provided in an "hcp://" URI. As a result, an attacker could construct a URI that could cause the Help and Support Center to execute arbitrary script, effectively...
CVE-2002-1703
Cross-site scripting vulnerability (XSS) in auction.cgi for Mewsoft NetAuction 3.0 allows remote attackers to execute arbitrary script as other users via the Term parameter...
CVE-2002-2011
Cross-site scripting (XSS) vulnerability in the fom CGI program (fom.cgi) in Faq-O-Matic 2.711 and 2.712 allows remote attackers to inject arbitrary web script or HTML via the file parameter...
CVE-2002-1729
Cross-site scripting vulnerability (XSS) in ASPjar Guestbook 1.00 allows remote attackers to execute arbitrary script as other users via the "web site" parameter in a guestbook message...
CVE-2002-1724
Cross-site scripting vulnerability (XSS) in phpimageview.php for PHPImageView 1.0 allows remote attackers to execute arbitrary script as other users via the pic parameter...
PHP-Nuke 6.0 - Web Mail Script Injection
source: https://www.securityfocus.com/bid/6400/info A vulnerability has been discovered in the PHP-Nuke web mail module. Due to insufficient sanitization of HTML emails it is possible for an attacker to embed script code into malicious messages. Opening an...
Web Server Creator Web Portal 0.1 - Remote File Inclusion
source: https://www.securityfocus.com/bid/6251/info The Web Server Creator Web Portal is prone to an issue which may allow attackers to include arbitrary files from a remote server. It is possible for remote attackers to influence the include path for the customize.php and index.php scripts. As a...
Microsoft IIS 5.0 - IDC Extension Cross-Site Scripting
source: https://www.securityfocus.com/bid/5900/info A vulnerability in Microsoft Internet Information Server (IIS) may make cross-site scripting attacks possible. When IIS receives a request for an .idc file, the server typically returns a 404...
CVE-2002-1053
Cross-site scripting (XSS) vulnerability in W3C Jigsaw Proxy Server before 2.2.1 allows remote attackers to execute arbitrary script via a URL that contains a reference to a nonexistent host followed by the script, which is included in the resulting error message...
CVE-2002-0944
Cross-site scripting vulnerability in DeepMetrix LiveStats 5.03 through 6.2.1 allows remote attackers to execute arbitrary script as the LiveStats user via the (1) user-agent or (2) referrer, which are not filtered by the stats program...
CVE-2002-0955
Cross-site scripting vulnerability in YaBB.cgi for Yet Another Bulletin Board (YaBB) 1 Gold SP1 and earlier allows remote attackers to execute arbitrary script as other web site visitors via script in the num parameter, which is not filtered in the resulting error message...
CVE-2002-0938
Cross-site scripting vulnerability in CiscoSecure ACS 3.0 allows remote attackers to execute arbitrary script or HTML as other web users via the action argument in a link to setup.exe...
CVE-2002-0960
Multiple cross-site scripting vulnerabilities in Voxel Dot Net CBMS 0.7 and earlier allow remote attackers to execute arbitrary script as other CBMS users...