CVE-2002-1852

Cross-site scripting XSS vulnerability in Monkey 0.5.0 allows remote attackers to inject arbitrary web script or HTML via 1 the URL or 2 a parameter to test2.pl...

CVE-2002-1681

Cross-site scripting XSS vulnerability in Slashcode CVS releases June 17 through July 1 2002 allows remote attackers to execute arbitrary script as other users by injecting script into the paragraph tag...

CVE-2002-1965

Cross-site scripting XSS vulnerability in Errors.gsl in Imatix Xitami 2.5b4 and 2.5b5 allows remote attackers to inject arbitrary web script or HTML via the 1 Javascript events, as demonstrated via an onerror event in an IMG SRC tag or 2 User-Agent field in an HTTP GET request...

CVE-2002-2359

Cross-site scripting XSS vulnerability in the FTP view feature in Mozilla 1.0 allows remote attackers to inject arbitrary web script or HTML via the title tag of an ftp URL...

PHP-Nuke 6.0 - Web Mail Remote PHP Script Execution

source: https://www.securityfocus.com/bid/6399/info A vulnerability has been discovered in the PHP-Nuke Web Mail module. When a user opens an email that contains an attachment, the file will be put in a remotely accessible web directory. It has been reported that the vulnerable module fails to...

CVE-2002-1334

Cross-site scripting XSS vulnerability in BizDesign ImageFolio 3.01 and earlier allows remote attackers to execute arbitrary web script as other users via 1 the direct parameter in imageFolio.cgi, or 2 nph-build.cgi...

CVE-2002-1335

Cross-site scripting XSS vulnerability in w3m 0.3.2 does not escape an HTML tag in a frame, which allows remote attackers to insert arbitrary web script or HTML and access files or cookies...

CVE-2002-1307

Cross-site scripting vulnerability XSS in MHonArc 2.5.12 and earlier allows remote attackers to insert script or HTML via an email message with the script in a MIME header name...

security flaw

Cross-site scripting XSS vulnerability in the default error page of Apache 2.0 before 2.0.43, and 1.3.x up to 1.3.26, when UseCanonicalName is "Off" and support for wildcard DNS is present, allows remote attackers to execute script as other web page visitors via the Host: header, a different...

security flaw

Cross-site scripting XSS vulnerability in the default error page of Apache 2.0 before 2.0.43, and 1.3.x up to 1.3.26, when UseCanonicalName is "Off" and support for wildcard DNS is present, allows remote attackers to execute script as other web page visitors via the Host: header, a different...

CVE-2002-1168

Cross-site scripting XSS vulnerability in IBM Web Traffic Express Caching Proxy Server 3.6 and 4.x before 4.0.1.26 allows remote attackers to execute script as other users via an HTTP request that contains an Location: header with a "%0a%0d" CRLF sequence, which echoes the Location as an HTTP...

CVE-2002-0840

Cross-site scripting XSS vulnerability in the default error page of Apache 2.0 before 2.0.43, and 1.3.x up to 1.3.26, when UseCanonicalName is "Off" and support for wildcard DNS is present, allows remote attackers to execute script as other web page visitors via the Host: header, a different...

CVE-2002-0840

Cross-site scripting XSS vulnerability in the default error page of Apache 2.0 before 2.0.43, and 1.3.x up to 1.3.26, when UseCanonicalName is "Off" and support for wildcard DNS is present, allows remote attackers to execute script as other web page visitors via the Host: header, a different...

CVE-2002-0959

Cross-site scripting vulnerability in Splatt Forum 3.0 allows remote attackers to execute arbitrary script as other users via an img tag with a closing quote followed by the script...

CVE-2002-1132

SquirrelMail 1.2.7 and earlier allows remote attackers to determine the absolute pathname of the options.php script via a malformed optpage file argument, which generates an error message when the file cannot be included in the script...

CVE-2002-1006

Cross-site scripting XSS vulnerability in BBC Education Text to Speech Internet Enhancer Betsie 1.5.11 and earlier allows remote attackers to execute arbitrary web script via parserl.pl...

CVE-2002-1015

RealJukebox 2 1.0.2.340 and 1.0.2.379, and RealOne Player Gold 6.0.10.505, allows remote attackers to execute arbitrary script in the Local computer zone by inserting the script into the skin.ini file of an RJS archive, then referencing skin.ini from a web page after it has been extracted, which ...

CVE-2002-0691

Microsoft Internet Explorer 5.01 and 5.5 allows remote attackers to execute scripts in the Local Computer zone via a URL that references a local HTML resource file, a variant of "Cross-Site Scripting in Local HTML Resource" as identified by CAN-2002-0189...

CVE-2002-0855

Cross-site scripting vulnerability in Mailman before 2.0.12 allows remote attackers to execute script as other users via a subscriber's list subscription options in the 1 adminpw or 2 info parameters to the ml-name feature...

CVE-2000-1205

Cross site scripting vulnerabilities in Apache 1.3.0 through 1.3.11 allow remote attackers to execute script as other web site visitors via 1 the printenv CGI printenv.pl, which does not encode its output, 2 pages generated by the apsenderrorresponse function such as a default 404, which does not...