CVE-2004-2497

Cross-site scripting XSS vulnerability in the error handler in Hitachi Web Page Generator and Web Page Generator Enterprise 4.01 and earlier, when using the default error template and debug mode is set to ON, allows remote attackers to inject arbitrary web script or HTML via unknown attack vector...

CVE-2004-2702

Cross-site scripting XSS vulnerability in loginup.php3 in Plesk 7.0 and 7.1 Reloaded allows remote attackers to inject arbitrary web script or HTML via the loginname parameter. NOTE: this might be the same vector as CVE-2006-6451...

CVE-2004-1730

Cross-site scripting XSS vulnerability in Mantis bugtracker allows remote attackers to inject arbitrary web script or HTML via 1 the return parameter to loginpage.php, 2 e-mail field in signup.php, 3 action parameter to loginselectprojpage.php, or 4 hidestatus parameter to viewallset.php...

CVE-2004-2199

Cross-site scripting XSS vulnerability in DUware DUclassified 4.0 allows remote attackers to inject arbitrary web script or HTML via the message text...

CVE-2004-2625

Cross-site scripting XSS vulnerability in Outblaze Email allows remote attackers to inject arbitrary web script or HTML via Javascript in an attribute of an IMG tag...

CVE-2004-2188

Cross-site scripting XSS vulnerability in DMXReady Site Chassis Manager allows remote attackers to inject arbitrary web script or HTML via unknown vectors...

CVE-2004-2755

Cross-site scripting XSS vulnerability in Symantec Web Security 2.5, 3.0.0, and 3.0.1 before build 62 allows remote attackers to inject arbitrary web script or HTML via the query string in blocked URLs that are listed in 1 error or 2 block page messages...

CVE-2004-1807

Cross-site scripting XSS vulnerability in index.cfm in CFWebstore 5.0 allows remote attackers to inject arbitrary web script or HTML via the URL...

CVE-2004-2447

Cross-site scripting XSS vulnerability in 1st Class Mail Server 4.01 allows remote attackers to inject arbitrary web script or HTML via the Mailbox parameter to 1 viewmail.tagz, 2 the index script under /user/, 3 members.tagz, 4 general.tagz, 5 advanced.tagz, or 6 list.tagz...

CVE-2004-1746

Cross-site scripting XSS vulnerability in index.php in PHP Code Snippet Library allows remote attackers to inject arbitrary web script or HTML via the 1 catselect or 2 show parameters...

CVE-2004-1442

Cross-site scripting XSS vulnerability in db2www CGI interpreter in IBM Net.Data 7 and 7.2 allows remote attackers to inject arbitrary web script or HTML via a macro filename, which is not properly handled by error messages such as "DTWP001E."...

CVE-2004-1863

Multiple cross-site scripting XSS vulnerabilities in XMB aka extreme message board 1.9 beta aka Nexus beta allow remote attackers to inject arbitrary web script or HTML via 1 the u2uheader parameter in editprofile.php, the restrict parameter in 2 member.php, 3 misc.php, and 4 today.php, and 5 an...

CVE-2004-2096

Cross-site scripting XSS vulnerability in Mephistoles httpd 0.6.0 final allows remote attackers to execute arbitrary script as other users by injecting arbitrary HTML or script into the URL...

CVE-2004-1809

Cross-site scripting XSS vulnerability in phpBB 2.0.6d and earlier allows remote attackers to inject arbitrary web script or HTML via the 1 postdays parameter to viewtopic.php or 2 topicdays parameter to viewforum.php...

CVE-2004-2171

Cross-site scripting XSS vulnerability in Cherokee before 0.4.8 allows remote attackers to inject arbitrary web script or HTML via the URL, which is not properly quoted in the resulting error page...

CVE-2004-2379

Multiple cross-site scripting XSS vulnerabilities in @Mail 3.64 for Windows allow remote attackers to inject arbitrary web script or HTML via 1 the Displayed Name attribute in util.pl and 2 the Folder attribute in showmail.pl...

CVE-2004-1424

Cross-site scripting XSS vulnerability in view.php in Moodle 1.4.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the search parameter...

CVE-2004-2113

Cross-site scripting XSS vulnerability in BremsServer 1.2.4 allows remote attackers to inject arbitrary web script or HTML via the URL...

CVE-2004-2756

Cross-site scripting XSS vulnerability in viewtopic.php in Xoops 2.x, possibly 2 through 2.0.5, allows remote attackers to inject arbitrary web script or HTML via the 1 forum and 2 topicid parameters...

WPkontakt.txt

Product: WPKontakt , Jaroslaw Sajko Advisory: http://www.man.poznan.pl/security/wpkontakt.html ISSUE WPkontakt is the another Polish instant messenger. The problem is similiar to the problems revealed in GG or Tlen.pl - parsing error leading to the remote script execution. DETAILS Parsing error...