3218 matches found
Invision Power Board COLOR SML Tag XSS
According to the version number in its banner, the installation of Invision Power Board on the remote host reportedly does not sufficiently sanitize the 'COLOR' SML tag. A remote attacker may exploit this vulnerability by adding a specially crafted 'COLOR' tag with arbitrary JavaScript to any...
CVE-2004-0705
Multiple cross-site scripting (XSS) vulnerabilities in (1) editcomponents.cgi, (2) editgroups.cgi, (3) editmilestones.cgi, (4) editproducts.cgi, (5) editusers.cgi, and (6) editversions.cgi in Bugzilla 2.16.x before 2.16.6, and 2.18 before 2.18rc1, allow remote attackers to execute arbitrary JavaScript as other...
IMP Content-Type Header XSS
The remote server is running at least one instance of IMP whose version number is between 2.0 and 3.2.3 inclusive. Such versions are vulnerable to a cross-site scripting attack whereby an attacker may be able to cause a victim to unknowingly run arbitrary JavaScript code simply by reading a MIME messa...
CVE-2002-0494
Cross-site scripting vulnerability in WebSight Directory System 0.1 allows remote attackers to execute arbitrary Javascript and gain access to the WebSight administrator via a new link submission containing the script in a website name...
CVE-2002-2178
Cross-site scripting (XSS) vulnerability in article.php module for phpWebSite 0.8.3 allows remote attackers to execute arbitrary Javascript script via the sid parameter, as demonstrated using an IMG tag...
Input Validation Error in vbulletin 2.2.x
Description: VBulletin discussion forum http://www.vbulletin.com does not properly validate the input for HTML-tag-enabled forums, allowing arbitrary JavaScript code to be run for any access level user. Proof of concept: b onMouseOver="alertdocument.location;"This...
CVE-2002-0459
Cross-site scripting vulnerability in Board-TNK 1.3.1 and earlier allows remote attackers to execute arbitrary Javascript via the WEB parameter...
CVE-2002-0475
Cross-site scripting vulnerability in phpBB 1.4.4 and earlier allows remote attackers to execute arbitrary Javascript on web clients by embedding the script within an IMG image tag while editing a message...
EUVD-2002-0775
Opera 6.01, 6.0, and 5.12 allows remote attackers to execute arbitrary JavaScript in the security context of other sites by setting the location of a frame or iframe to a Javascript: URL...
CVE-2002-0458
Cross-site scripting vulnerability in News-TNK 1.2.1 and earlier allows remote attackers to execute arbitrary Javascript via the WEB parameter...
CVE-2002-0375
Cross-site scripting vulnerability in sgdynamo.exe for Sgdynamo allows remote attackers to execute arbitrary Javascript via a URL with the script in the HTNAME parameter...
CVE-2002-0230
Cross-site scripting vulnerability in fom.cgi of Faq-O-Matic 2.712 allows remote attackers to execute arbitrary Javascript on other clients via the cmd parameter, which causes the script to be inserted into an error message...
CVE-2001-0987
Cross-site scripting vulnerability in CGIWrap before 3.7 allows remote attackers to execute arbitrary Javascript on other web clients by causing the Javascript to be inserted into error messages that are generated by CGIWrap...
CVE-2001-1212
Cross-site scripting vulnerability in catgy.cgi for Aktivate 1.03 allows remote attackers to execute arbitrary Javascript via the desc parameter...