7611 matches found
CVE-2003-0769
Cross-site scripting XSS vulnerability in the ICQ Web Front guestbook guestbook.html allows remote attackers to insert arbitrary web script and HTML via the message field...
XMB Forum 1.8 - member.php?member Cross-Site Scripting
XMB Forum 1.8 - member.php?member Cross-Site Scripting source: https://www.securityfocus.com/bid/8013/info XMB Forum has been reported prone to multiple cross-site scripting and HTML-injection vulnerabilities because the application fails to sanitize user-supplied data. An attacker may exploit an...
XMB Forum 1.8 - buddy.php?action Cross-Site Scripting
XMB Forum 1.8 - buddy.php?action Cross-Site Scripting source: https://www.securityfocus.com/bid/8013/info XMB Forum has been reported prone to multiple cross-site scripting and HTML-injection vulnerabilities because the application fails to sanitize user-supplied data. An attacker may exploit any...
XMB Forum 1.8 - 'buddy.php?action' Cross-Site Scripting
source: https://www.securityfocus.com/bid/8013/info XMB Forum has been reported prone to multiple cross-site scripting and HTML-injection vulnerabilities because the application fails to sanitize user-supplied data. An attacker may exploit any one of these vulnerabilities to execute arbitrary...
XMB Forum 1.8 - 'member.php?member' Cross-Site Scripting
source: https://www.securityfocus.com/bid/8013/info XMB Forum has been reported prone to multiple cross-site scripting and HTML-injection vulnerabilities because the application fails to sanitize user-supplied data. An attacker may exploit any one of these vulnerabilities to execute arbitrary...
PHP 4.x - Transparent Session ID Cross-Site Scripting
PHP 4.x - Transparent Session ID Cross-Site Scripting source: https://www.securityfocus.com/bid/7761/info A cross-site scripting vulnerability has been discovered in PHP. The problem occurs due to insufficient sanitization of the PHPSESSID URI parameter. An attacker may be capable of exploiting...
PHP 4.x - Transparent Session ID Cross-Site Scripting
source: https://www.securityfocus.com/bid/7761/info A cross-site scripting vulnerability has been discovered in PHP. The problem occurs due to insufficient sanitization of the PHPSESSID URI parameter. An attacker may be capable of exploiting this vulnerability by constructing a malicious link...
Happymall E-Commerce Software 4.34.4 - Normal_HTML.cgi Cross-Site Scripting
Happymall E-Commerce Software 4.34.4 - NormalHTML.cgi Cross-Site Scripting source: https://www.securityfocus.com/bid/7557/info IT has been reported that Happymall E-Commerce is prone to cross-site scripting attacks. The problem occurs due to insufficient sanitization of user-supplied URI...
Basic Analysis and Security Engine (BASE) 1.2.4 - PrintFreshPage Cross-Site Scripting
Basic Analysis and Security Engine BASE 1.2.4 - PrintFreshPage Cross-Site Scripting source: https://www.securityfocus.com/bid/17391/info BASE is prone to a cross-site scripting vulnerability. The application fails to properly sanitize user-supplied input in the 'PrintFreshPage' function. An...
CVE-2002-0187
Cross-site scripting vulnerability in the SQLXML component of Microsoft SQL Server 2000 allows an attacker to execute arbitrary script via the root parameter as part of an XML SQL query, aka "Script Injection via XML Tag."...
CVE-2002-0989
CVE-2002-0989 affects Gaim prior to 0.59.1. The vulnerability lies in the URL handler of the manual browser option, where a crafted link containing shell metacharacters can lead to remote command execution. References from Red Hat, Debian, Mandrake, and Red Hat advisories indicate updating to 0.5...
CVE-2002-0733
Cross-site scripting vulnerability in thttpd 2.20 and earlier allows remote attackers to execute arbitrary script via a URL to a nonexistent page, which causes thttpd to insert the script into a 404 error message...
CVE-2002-0329
Cross-site scripting vulnerability in Snitz Forums 2000 3.3.03 and earlier allows remote attackers to execute arbitrary script as other Forums 2000 users via Javascript in an IMG tag...
CVE-2002-1529
Cross-site scripting XSS vulnerability in msgError.asp for the administrative web interface STEMWADM for SurfControl SuperScout Email Filter allows remote attackers to insert arbitrary script or HTML via the Reason parameter...
Nuked-Klan index.php Multiple Module Vulnerabilities
The instance of Nuked-klan running on the remote web server is affected by multiple vulnerabilities due to a failure to sanitize user-supplied input to several parameters before using them in the 'Team', 'News', and 'Liens' modules to display dynamic HTML. An unauthenticated, remote attacker can...
CVE-2002-1533
Cross-site scripting XSS vulnerability in Jetty JSP servlet engine allows remote attackers to insert arbitrary HTML or script via an HTTP request to a .jsp file whose name contains the malicious script and some encoded linefeed characters %0a...
Microsoft Windows Me and XP Help and Support Center does not adequately validate hcp:// URI parameters
Overview The Help and Support Center included with Microsoft Windows Millennium Edition and XP does not adequately validate parameters provided in an "hcp://" URI. As a result, an attacker could construct a URI that could cause the Help and Support Center to execute arbitrary script, effectively...
CVE-2002-1703
Cross-site scripting vulnerability XSS in auction.cgi for Mewsoft NetAuction 3.0 allows remote attackers to execute arbitrary script as other users via the Term parameter...
CVE-2002-1724
Cross-site scripting vulnerability XSS in phpimageview.php for PHPImageView 1.0 allows remote attackers to execute arbitrary script as other users via the pic parameter...
CVE-2002-1729
Cross-site scripting vulnerability XSS in ASPjar Guestbook 1.00 allows remote attackers to execute arbitrary script as other users via the "web site" parameter in a guestbook message...