CVE-2002-1056

Microsoft Outlook 2000 and 2002, when configured to use Microsoft Word as the email editor, does not block scripts that are used while editing email messages in HTML or Rich Text Format RTF, which could allow remote attackers to execute arbitrary scripts via an email that the user forwards or...

CVE-2002-0078

Affected software: Microsoft Internet Explorer 5.5 and 6.0. Vulnerability: zone determination flaw allows a script embedded in a cookie to execute in the Local Computer zone, enabling in‑the‑wild commands with the victim’s privileges. Impact: arbitrary commands can run on the target system due to...

CVE-2002-0316

Cross-site scripting vulnerability in eXtreme message board XMB 1.6x and earlier allows remote attackers to execute script as other XMB users by inserting the script into an IMG tag...

CVE-2002-0329

Cross-site scripting vulnerability in Snitz Forums 2000 3.3.03 and earlier allows remote attackers to execute arbitrary script as other Forums 2000 users via Javascript in an IMG tag...

CVE-2002-0330

Cross-site scripting vulnerability in codeparse.php of Open Bulletin Board OpenBB 1.0.0 allows remote attackers to execute arbitrary script and steal cookies via Javascript in the IMG tag...

CVE-2002-0026

Internet Explorer 5.5 and 6.0 allows remote attackers to bypass restrictions for executing scripts via an object that processes asynchronous events after the initial security checks have been made...

Microsoft SQLXML HTTP components vulnerable to cross-site scripting via root parameter

Overview A cross-site scripting vulnerability exists in the Microsoft SQLXML HTTP components. This vulnerability could allow an attacker to execute script on a victim's system with the victim's privileges. Description Microsoft SQL Server 2000 includes a feature called SQLXML that allows the serv...

CVE-2002-0388

Cross-site scripting vulnerabilities in Mailman before 2.0.11 allow remote attackers to execute script via 1 the admin login page, or 2 the Pipermail index summaries...

PHP-Address 0.2 e - Remote File Inclusion

PHP-Address 0.2 e - Remote File Inclusion source: https://www.securityfocus.com/bid/5039/info PHP-Address is prone to an issue which may allow remote attackers to include arbitrary files located on remote servers. If the remote file is a PHP script, this may allow for execution of attacker-suppli...

osCommerce 2.1 - Remote File Inclusion

osCommerce 2.1 - Remote File Inclusion source: https://www.securityfocus.com/bid/5037/info osCommerce is prone to an issue which may allow remote attackers to include arbitrary files located on remote servers. If the remote file is a PHP script, this may allow for execution of attacker-supplied P...

osCommerce 2.1 - Remote File Inclusion

source: https://www.securityfocus.com/bid/5037/info osCommerce is prone to an issue which may allow remote attackers to include arbitrary files located on remote servers. If the remote file is a PHP script, this may allow for execution of attacker-supplied PHP code with the privileges of the...

CVE-2002-0504

Cross-site scripting vulnerability in Citrix NFuse 1.6 and earlier does not quote results from the getLastError method, which allows remote attackers to execute script in other clients via the NFuseApplication parameter to 1 launch.jsp or 2 launch.asp...

CVE-2002-0521

Cross-site scripting vulnerabilities in ASP-Nuke RC2 and earlier allow remote attackers to execute script or gain privileges as other ASP-Nuke users via script in 1 the name parameter in downloads.asp, 2 the message parameter in Post.asp, or 3 a web site URL in profile.asp...

CVE-2002-0475

The CVE-2002-0475 entry describes a cross-site scripting (XSS) vulnerability in phpBB versions 1.4.4 and earlier. The flaw allows remote attackers to cause arbitrary JavaScript execution on a user’s browser by embedding a script inside an IMG tag while editing a message. Affected software is phpB...

CVE-2002-0549

Cross-site scripting vulnerabilities in Anthill allow remote attackers to execute script as other Anthill users...

CVE-2002-0411

AeroMail

CVE-2002-0530

Cross-site scripting vulnerability in Novell Web Search 2.0.1 allows remote attackers to execute arbitrary script as other Web Search users via the search parameter...

CVE-2002-0535

Cross-site scripting vulnerabilities in PostBoard 2.0.1 and earlier allows remote attackers to execute script as other users via 1 an IMG tag when BBCode is enabled, or 2 in a topic title...

Microsoft Internet Explorer 'Folder View for FTP sites' Script Execution vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 + Title: Microsoft Internet Explorer 'Folder View for FTP sites' Script Execution vulnerability + Date: 7 June 2002 + Author: Eiji James Yoshida [email protected] + Risk: Medium + Vulnerable: Windows2000 SP2 IE5.5SP1 Windows2000 SP2 IE5.5SP2...

Splatt Forum 3.0 - Image Tag HTML Injection

Splatt Forum 3.0 - Image Tag HTML Injection source: https://www.securityfocus.com/bid/4953/info Splatt Forum does not filter HTML from image tags. This may allow an attacker to inject arbitrary script code in forum messages. Injected script code will be executed in the browser of an arbitrary web...