3275 matches found
Horde 3.0 XSS Vulnerability
Horde is prone to multiple cross-site scripting XSS vulnerabilities. SPDX-FileCopyrightText: 2005 George A. Theall Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
CVE-2005-2595
Cross-site scripting XSS vulnerability in Dada Mail before 2.10 Alpha 1 allows remote attackers to execute arbitrary Javascript via archived messages...
CVE-2005-2595
Cross-site scripting XSS vulnerability in Dada Mail before 2.10 Alpha 1 allows remote attackers to execute arbitrary Javascript via archived messages...
CVE-2004-2174
Cross-site scripting XSS vulnerability in Custva.asp in EarlyImpact ProductCart allows remote attackers to inject arbitrary Javascript via the redirectUrl parameter...
CVE-2005-1659
Cross-site scripting XSS vulnerability in filemanager.cpp in MyServer 0.8 allows remote attackers to inject arbitrary Javascript via a URL with a "..." triple dot followed by an onmouseover event...
CVE-2005-1592
Multiple "javascript vulerabilities in BB code" in BirdBlog before 1.3.1 allow remote attackers to inject arbitrary Javascript...
CVE-2005-1477
The install function in Firefox 1.0.3 allows remote web sites on the browser's whitelist, such as update.mozilla.org or addon.mozilla.org, to execute arbitrary Javascript with chrome privileges, leading to arbitrary code execution on the system when combined with vulnerabilities such as...
CVE-2005-1477
The install function in Firefox 1.0.3 allows remote web sites on the browser's whitelist, such as update.mozilla.org or addon.mozilla.org, to execute arbitrary Javascript with chrome privileges, leading to arbitrary code execution on the system when combined with vulnerabilities such as...
CVE-2005-1476
Firefox 1.0.3 allows remote attackers to execute arbitrary Javascript in other domains by using an IFRAME and causing the browser to navigate to a previous javascript: URL, which can lead to arbitrary code execution when combined with CVE-2005-1477...
CVE-2005-1477
CVE-2005-1477 describes an arbitrary JavaScript execution flaw in Firefox 1.0.3 via the installer’s IconURL handling, enabling code execution with chrome privileges when a trusted extension install site (e.g., update.mozilla.org/addon.mozilla.org) is used, potentially chaining with CVE-2005-1476....
CVE-2005-1068
Cross-site scripting XSS vulnerability in sCssBoard 1.11 and earlier allows remote attackers to execute arbitrary Javascript via url tags...
CVE-2005-0778
PhotoPost PHP 5.0 RC3 does not fully verify that an uploaded file is an image file, which allows remote attackers to inject arbitrary Javascript by uploading non-image files with an image extension such as .gif...
CVE-2005-1158
Multiple "missing security checks" in Firefox before 1.0.3 allow remote attackers to inject arbitrary Javascript into privileged pages using the search target of the Firefox sidebar...
CVE-2005-1158
Multiple "missing security checks" in Firefox before 1.0.3 allow remote attackers to inject arbitrary Javascript into privileged pages using the search target of the Firefox sidebar...
CVE-2005-1068
Cross-site scripting XSS vulnerability in sCssBoard 1.11 and earlier allows remote attackers to execute arbitrary Javascript via url tags...
CVE-2002-1649
Cross-site scripting XSS vulnerability in readbody.php in SquirrelMail before 1.2.3 allows remote attackers to execute arbitrary Javascript via a javascript: URL in an IMG tag...
CVE-2004-1712
Technical details about CVE-2004-1712 are not publicly provided in the supplied documents; monitor for updates.
Invision Power Board COLOR SML Tag XSS
According to the version number in its banner, the installation of Invision Power Board on the remote host reportedly does not sufficiently sanitize the 'COLOR' SML tag. A remote attacker may exploit this vulnerability by adding a specially crafted 'COLOR' tag with arbitrary JavaScript to any...
CVE-2004-0705
Multiple cross-site scripting XSS vulnerabilities in 1 editcomponents.cgi, 2 editgroups.cgi, 3 editmilestones.cgi, 4 editproducts.cgi, 5 editusers.cgi, and 6 editversions.cgi in Bugzilla 2.16.x before 2.16.6, and 2.18 before 2.18rc1, allow remote attackers to execute arbitrary JavaScript as other...
CVE-2004-0705
Multiple cross-site scripting XSS vulnerabilities in 1 editcomponents.cgi, 2 editgroups.cgi, 3 editmilestones.cgi, 4 editproducts.cgi, 5 editusers.cgi, and 6 editversions.cgi in Bugzilla 2.16.x before 2.16.6, and 2.18 before 2.18rc1, allow remote attackers to execute arbitrary JavaScript as other...