7602 matches found
CVE-2002-0530
Cross-site scripting vulnerability in Novell Web Search 2.0.1 allows remote attackers to execute arbitrary script as other Web Search users via the search parameter...
CVE-2002-0731
The CVE-2002-0731 entry describes a Cross-site scripting vulnerability in the demonstration scripts for vqServer. The issue arises when an attacker can craft a link with script code in the arguments to demo scripts (e.g., respond.pl), enabling remote script execution in the victim’s browser via s...
CVE-2002-0732
CVE-2002-0732 is a cross-site scripting vulnerability in MyGuestbook 1.0. The issue enables remote attackers to execute arbitrary script or inject HTML via fields such as user name and comments due to insufficient input validation. Affected: MyGuestbook 1.0 (version 1.0). Impact is remote script ...
GNU Mailman 2.0.x - Subscribe Cross-Site Scripting
source: https://www.securityfocus.com/bid/5298/info GNU Mailman is prone to a cross-site scripting vulnerability. Arbitrary HTML and script code are not sanitized from the URI parameters of mailing list subscribe scripts. An attacker may exploit this issue by creating a malicious link containing...
CVE-2002-0117
Cross-site scripting vulnerability in Yet Another Bulletin Board YaBB 1 Gold SP 1 and earlier allows remote attackers to execute arbitrary script and steal cookies via a message containing encoded Javascript in an IMG tag...
CVE-2002-0346
Cross-site scripting vulnerability in Cobalt RAQ 4 allows remote attackers to execute arbitrary script as other Cobalt users via Javascript in a URL to (1) service.cgi or (2) alert.cgi...
CVE-2002-0590
Cross-site scripting (XSS) in IcrediBB 1.1 Beta allows remote attackers to execute arbitrary script and steal cookies via the title or body of posts. The vulnerability affects the web application’s posting features and stems from improper handling/encoding of user-supplied input. Impact is descri...
Splatt Forum 3.0 - Image Tag HTML Injection
source: https://www.securityfocus.com/bid/4953/info Splatt Forum does not filter HTML from image tags. This may allow an attacker to inject arbitrary script code in forum messages. Injected script code will be executed in the browser of an arbitrary web user who views the malicious forum message,...
CVE-2002-0242
Cross-site scripting vulnerability in Internet Explorer 6 and earlier allows remote attackers to execute arbitrary script via an Extended HTML Form, whose output from the remote server is not properly cleansed...
CVE-2002-0238
Cross-site scripting vulnerability in web administration interface for NetGear RT314 and RT311 Gateway Routers allows remote attackers to execute arbitrary script on another client via a URL that contains the script...
PHPBB2 - Image Tag HTML Injection
source: https://www.securityfocus.com/bid/4858/info It is possible to inject arbitrary HTML into phpBB2 forum messages via the use of BBCode image tags. A similar issue is described in Bugtraq ID 4379 "PHPBB Image Tag User-Embedded Scripting Vulnerability". However, phpBB2 was found to not be...
CVE-2002-0269
Internet Explorer 5.x and 6 interprets an object as an HTML document even when its MIME Content-Type is text/plain, which could allow remote attackers to execute arbitrary script in documents that the user does not expect, possibly through web applications that use a text/plain type to prevent...
Microsoft Internet Explorer 5 - Dialog Same Origin Policy Bypass Variant (MS02-047)
source: https://www.securityfocus.com/bid/5561/info Microsoft Internet Explorer includes support for dialog windows through script calls to the two functions showModalDialog and showModelessDialog. These functions...
ReBB 1.0 - Image Tag Cross-Agent Scripting
source: https://www.securityfocus.com/bid/4220/info ReBB is web forum software which will run on most Unix and Linux variants, as well as Microsoft Windows operating systems. It is written in PHP and may be back-ended by a number of databases. ReBB allows users to include images in forum messages...
Holes in PHP Phorum
An incorrect PHP file can be specified for execution; the forum administrator is able to insert their own PHP script...
CVE-2001-0991
Cross-site scripting vulnerability in Proxomitron Naoko-4 BetaFour and earlier allows remote attackers to execute arbitrary script on other clients via an incorrect URL containing the malicious script, which is printed back in an error message...
CVE-2001-0999
Outlook Express 6.00 allows remote attackers to execute arbitrary script by embedding SCRIPT tags in a message whose MIME content type is text/plain, contrary to the expected behavior that text/plain messages will not run script...
Ultimate Bulletin Board 5.46.06.2 - Cross-Agent Scripting
source: https://www.securityfocus.com/bid/3829/info UBB Ultimate Bulletin Board is commercial web forums/community software that is written in Perl. It runs on various Unix/Linux variants, as well as Microsoft Windows NT/2000. UBB is prone...