CVE-2002-0738

MHonArc 2.5.2 and earlier does not properly filter Javascript from archived e-mail messages, which could allow remote attackers to execute script in web clients by 1 splitting the SCRIPT tag into smaller pieces, 2 including the script in a SRC argument to an IMG tag, or 3 using "&=script" syntax...

CVE-2002-0731

Cross-site scripting vulnerability in demonstration scripts for vqServer allows remote attackers to execute arbitrary script via a link that contains the script in arguments to demo scripts such as respond.pl...

CVE-2002-0520

Cross-site scripting vulnerability in functions-inc.asp for ASP-Nuke RC1 allows remote attackers to execute script as other ASP-Nuke users by embedding it within an IMG tag...

ShoutBox 1.2 - Form HTML Injection

ShoutBox 1.2 - Form HTML Injection source: https://www.securityfocus.com/bid/5354/info shoutBOX does not sufficiently sanitize HTML tags from input supplied via form fields. Attackers may exploit this lack of input validation to inject arbitrary HTML and script code into pages that are generated ...

ShoutBox 1.2 - 'Form' HTML Injection

source: https://www.securityfocus.com/bid/5354/info shoutBOX does not sufficiently sanitize HTML tags from input supplied via form fields. Attackers may exploit this lack of input validation to inject arbitrary HTML and script code into pages that are generated by the script. This may result in...

CVE-2002-0032

Yahoo! Messenger 5,0,0,1064 and earlier allows remote attackers to execute arbitrary script as other users via the addview parameter of a ymsgr URI...

CVE-2002-0787

Cross-site scripting vulnerabilities in iCon administrative web server for Critical Path inJoin Directory Server 4.0 allow remote attackers to execute script as the administrator via administrator URLs with modified 1 LOCID or 2 OC parameters...

CVE-2002-0787

The CVE-2002-0787 entry describes a cross-site scripting vulnerability in the iCon administrative web server for Critical Path inJoin Directory Server 4.0. The issue arises from reflected XSS via modified administrator URLs using the LOCID or OC parameters, allowing remote attackers to execute sc...

GNU Mailman 2.0.x - Admin Login Variant Cross-Site Scripting

GNU Mailman 2.0.x - Admin Login Variant Cross-Site Scripting source: https://www.securityfocus.com/bid/5299/info GNU Mailman is prone to a cross-site scripting vulnerability. An attacker may construct a malicious link to the administrative login page, which contains arbitrary HTML and script code...

CVE-2002-0681

Cross-site scripting vulnerability in GoAhead Web Server 2.1 allows remote attackers to execute script as other web users via script in a URL that generates a "404 not found" message, which does not quote the script...

CVE-2002-0682

Cross-site scripting vulnerability in Apache Tomcat 4.0.3 allows remote attackers to execute script as other web users via script in a URL with the /servlet/ mapping, which does not filter the script when an exception is thrown by the servlet...

CVE-2002-0681

CVE-2002-0681 : A cross-site scripting vulnerability affects GoAhead Web Server 2.1. An attacker can deliver a URL containing script that, when a 404 Not Found page is generated, is not quoted, allowing script execution in another user context. CVSS data indicates a high base score (7.5) with net...

CVE-2002-0535

Cross-site scripting vulnerabilities in PostBoard 2.0.1 and earlier allows remote attackers to execute script as other users via 1 an IMG tag when BBCode is enabled, or 2 in a topic title...

CVE-2002-0615

The Windows Media Active Playlist in Microsoft Windows Media Player 7.1 stores information in a well known location on the local file system, allowing attackers to execute HTML scripts in the Local Computer zone, aka "Media Playback Script Invocation"...

BBC Education Betsie 1.5 - Parserl.pl Cross-Site Scripting

source: https://www.securityfocus.com/bid/5135/info Betsie BBC Education Text to Speech Internet Enhancer is prone to a cross-site scripting vulnerability. This issue exists in the parserl.pl script. Attackers may exploit this condition via a malicious link to a site running the vulnerable...

security flaw

Cross-site scripting vulnerabilities in Mailman before 2.0.11 allow remote attackers to execute script via 1 the admin login page, or 2 the Pipermail index summaries...

Security Bulletin MS02-032: 26 June 2002 Cumulative Patch for Windows Media Player (Q320920)

---------------------------------------------------------------------- Title: 26 June 2002 Cumulative Patch for Windows Media Player Q320920 Date: 26 June 2002 Software: Windows Media Player Impact: Three new vulnerabilities, the most serious of which could run code of attacker's choice Max Risk:...

CVE-2001-1161

Cross-site scripting CSS vulnerability in Lotus Domino 5.0.6 allows remote attackers to execute script on other web clients via a URL that ends in Javascript, which generates an error message that does not quote the resulting script...

CVE-2002-0026

IE 5.5/6.0 remote code execution via an object handling asynchronous events after initial security checks. Exploitation would bypass scripting restrictions, enabling arbitrary script execution. Remediation notes in connected docs point to Microsoft MS02-005 (and MS05-020) patches; OpenVAS entries...

CVE-2002-1056

Microsoft Outlook 2000 and 2002, when configured to use Microsoft Word as the email editor, does not block scripts that are used while editing email messages in HTML or Rich Text Format RTF, which could allow remote attackers to execute arbitrary scripts via an email that the user forwards or...