CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

6682 matches found

Exploit DB•added 2003/07/05 12:0 a.m.•21 views

Microsoft Outlook 5.5/2000 - Web Access HTML Attachment Script Execution

source: https://www.securityfocus.com/bid/8113/info OWA contains a vulnerability that may result in attacker-supplied script code executing within the context of the mail interface when processing e-mail containing HTML message attachments. It is possible to prevent filtering of the attachment by...

7.4AI score

Exploits0

exploitpack•added 2003/07/05 12:0 a.m.•12 views

Microsoft Outlook 5.52000 - Web Access HTML Attachment Script Execution

Microsoft Outlook 5.52000 - Web Access HTML Attachment Script Execution source: https://www.securityfocus.com/bid/8113/info OWA contains a vulnerability that may result in attacker-supplied script code executing within the context of the mail interface when processing e-mail containing HTML messa...

Exploits0

Exploit DB•added 2003/07/02 12:0 a.m.•33 views

Verity K2 Toolkit 2.20 - Cross-Site Scripting

source: https://www.securityfocus.com/bid/8073/info It has been reported that Verity K2 Toolkit does not sufficiently filter user-supplied search parameters. As a result of this reported deficiency, it may be possible for a remote attacker to create a malicious link containing script code that wi...

7.4AI score

Exploits0

exploitpack•added 2003/06/23 12:0 a.m.•14 views

XMB Forum 1.8 - buddy.php?action Cross-Site Scripting

XMB Forum 1.8 - buddy.php?action Cross-Site Scripting source: https://www.securityfocus.com/bid/8013/info XMB Forum has been reported prone to multiple cross-site scripting and HTML-injection vulnerabilities because the application fails to sanitize user-supplied data. An attacker may exploit any...

0.5AI score

Exploits0

Exploit DB•added 2003/06/23 12:0 a.m.•100 views

XMB Forum 1.8 - 'member.php?member' Cross-Site Scripting

source: https://www.securityfocus.com/bid/8013/info XMB Forum has been reported prone to multiple cross-site scripting and HTML-injection vulnerabilities because the application fails to sanitize user-supplied data. An attacker may exploit any one of these vulnerabilities to execute arbitrary...

7.4AI score

Exploits0

Exploit DB•added 2003/06/23 12:0 a.m.•29 views

XMB Forum 1.8 - 'buddy.php?action' Cross-Site Scripting

7.4AI score

Exploits0

Cvelist•added 2003/06/20 4:0 a.m.•20 views

CVE-2003-0447

The Custom HTTP Errors capability in Internet Explorer 5.01, 5.5 and 6.0 allows remote attackers to execute script in the Local Zone via an argument to shdocvw.dll that causes a "javascript:" link to be generated...

6.9AI score0.32534EPSS

Exploits1References4

CVE•added 2003/06/20 4:0 a.m.•52 views

CVE-2003-0447

The CVE-2003-0447 issue affects Internet Explorer versions 5.01, 5.5 and 6.0, where the Custom HTTP Errors capability can be abused via an argument to shdocvw.dll to generate a javascript: link, enabling remote script execution in the Local Zone. The vulnerability is described as allowing remote ...

5.1CVSS7.3AI score0.32534EPSS

Exploits1References4Affected Software1

Exploit DB•added 2003/06/13 12:0 a.m.•30 views

PostNuke 0.723 - Multiple Cross-Site Scripting Vulnerabilities

source: https://www.securityfocus.com/bid/7898/info The PostNuke 'modules.php' script does not sufficiently sanitize data supplied via URI parameters, making it prone to cross-site scripting attacks. This could allow for execution of hostile HTML and script code in the web client of a user who...

7.4AI score

Exploits0

exploitpack•added 2003/05/30 12:0 a.m.•13 views

PHP 4.x - Transparent Session ID Cross-Site Scripting

PHP 4.x - Transparent Session ID Cross-Site Scripting source: https://www.securityfocus.com/bid/7761/info A cross-site scripting vulnerability has been discovered in PHP. The problem occurs due to insufficient sanitization of the PHPSESSID URI parameter. An attacker may be capable of exploiting...

6.8AI score

Exploits0

Exploit DB•added 2003/05/30 12:0 a.m.•37 views

PHP 4.x - Transparent Session ID Cross-Site Scripting

source: https://www.securityfocus.com/bid/7761/info A cross-site scripting vulnerability has been discovered in PHP. The problem occurs due to insufficient sanitization of the PHPSESSID URI parameter. An attacker may be capable of exploiting this vulnerability by constructing a malicious link...

7.4AI score

Exploits0

NVD•added 2003/05/27 4:0 a.m.•11 views

CVE-2003-0273

Cross-site scripting XSS vulnerability in the web interface for Request Tracker RT 1.0 through 1.0.7 allows remote attackers to execute script via message bodies...

6.8CVSS6.1AI score0.00867EPSS

Exploits0References2

Exploit DB•added 2003/05/20 12:0 a.m.•24 views

EJ3 TOPo 2.2 - 'index.php' Multiple Cross-Site Scripting Vulnerabilities

source: https://www.securityfocus.com/bid/13700/info TOPo is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary script code executed in the...

7.4AI score

Exploits0

NVD•added 2003/05/12 4:0 a.m.•17 views

CVE-2003-0116

Microsoft Internet Explorer 5.01, 5.5 and 6.0 does not properly check the Cascading Style Sheet input parameter for Modal dialogs, which allows remote attackers to read files on the local system via a web page containing script that creates a dialog and then accesses the target files, aka "Modal...

5CVSS6.3AI score0.27633EPSS

Exploits1References4

NVD•added 2003/05/12 4:0 a.m.•19 views

CVE-2003-0115

Microsoft Internet Explorer 5.01, 5.5 and 6.0 does not properly check parameters that are passed during third party rendering, which could allow remote attackers to execute arbitrary web script, aka the "Third Party Plugin Rendering" vulnerability, a different vulnerability than CVE-2003-0233...

7.5CVSS7AI score0.14296EPSS

Exploits0References2

Cvelist•added 2003/05/09 4:0 a.m.•14 views

CVE-2003-0273

Cross-site scripting XSS vulnerability in the web interface for Request Tracker RT 1.0 through 1.0.7 allows remote attackers to execute script via message bodies...

6.1AI score0.00867EPSS

Exploits0References2

Exploit DB•added 2003/04/28 12:0 a.m.•19 views

Opera 7.0/7.10 - JavaScript Console Single Quote Attribute Injection

source: https://www.securityfocus.com/bid/7449/info A vulnerability has been reported for Opera 7 browsers for Microsoft Windows operating systems. The vulnerability exists in the Opera JavaScript console. Attackers may exploit the vulnerability to execute script code in a sensitive context...

7.4AI score

Exploits0

CERT•added 2003/04/25 12:0 a.m.•41 views

Microsoft Internet Explorer does not adequately validate source of dialog frame

Overview Microsoft Internet Explorer IE allows script from a dialog frame in one domain to execute in a different domain, including the Local Machine Zone. The script could read certain local files and data i.e. cookies from other web sites. In the presence of other vulnerabilities VU626395,...

7.6AI score

Exploits0References27

NVD•added 2003/04/11 4:0 a.m.•17 views

CVE-2002-1434

Multiple cross-site scripting XSS vulnerabilities in the Web mail module of Kerio MailServer 5.0 allow remote attackers to execute HTML script as other users via certain URLs...

6.8CVSS5.9AI score0.00879EPSS

Exploits1References3

NVD•added 2003/04/11 4:0 a.m.•13 views

CVE-2002-1442

The Google toolbar 1.1.58 and earlier allows remote web sites to perform unauthorized toolbar operations including script execution and file reading in other zones such as "My Computer" by opening a window to tools.google.com or the res: protocol, then using script to modify the window's location...

7.5CVSS6.7AI score0.00677EPSS

Exploits1References4

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by