Lucene search
K

6252 matches found

Tenable Nessus
Tenable Nessus
added 2004/09/29 12:0 a.m.29 views

Debian DSA-220-1 : squirrelmail - XSS

A cross site scripting vulnerability has been discovered in squirrelmail, a feature-rich webmail package written in PHP4. Squirrelmail doesn't sanitize user provided variables in all places, leaving it vulnerable to a cross site scripting attack. %NASLMINLEVEL 70300 C Tenable Network Security, In...

6.8CVSS4.8AI score0.01967EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2004/09/27 12:0 a.m.26 views

ViewCVS viewcvs.cgi Multiple Parameter XSS

The remote host is running ViewCVS, a tool written in Python to browse CVS repositories via the web. The version of ViewCVS running on the remote host has a cross-site scripting vulnerability. Input to the 'viewcvs' parameter is not properly sanitized. A remote attacker could exploit this by...

6.4CVSS5.8AI score0.07235EPSS
Exploits1References2
NVD
NVD
added 2004/09/18 4:0 a.m.10 views

CVE-2004-1692

Cross-site scripting XSS vulnerability in index.php in Mambo 4.5 1.0.9 allows remote attackers to inject arbitrary web script or HTML via the 1 Itemid, 2 mosmsg, or 3 limit parameters...

4.3CVSS5.7AI score0.01793EPSS
Exploits1References5
Exploit DB
Exploit DB
added 2004/09/17 12:0 a.m.38 views

YaBB 1.x/9.1.2000 - 'YaBB.pl IMSend' Cross-Site Scripting

source: https://www.securityfocus.com/bid/11215/info A cross-site scripting vulnerability is reported in the YaBB forum 'YaBB.pl' script. As a result, it is possible for a remote attacker to create a malicious link to the affected page of a site hosting the web forum. The malicious link may conta...

7.4AI score
Exploits0
NVD
NVD
added 2004/09/10 4:0 a.m.16 views

CVE-2004-1669

Cross-site scripting XSS vulnerability in MERAK Mail Server 7.4.5 with Icewarp Web Mail 5.2.7 and possibly other versions allows remote attackers to execute arbitrary web script or HTML via the 1 User name parameter to accountsettings.html or 2 Search string parameter to search.html...

4.3CVSS6.2AI score0.01177EPSS
Exploits0References4
exploitpack
exploitpack
added 2004/09/05 12:0 a.m.14 views

PSNews 1.1 - No Cross-Site Scripting

PSNews 1.1 - No Cross-Site Scripting source: https://www.securityfocus.com/bid/11124/info PSNews is a Web application that is implemented in PHP. PSNews is affected by a cross-site scripting vulnerability. This issue is due to a failure of the application to properly sanitize user-supplied URI...

6.8AI score
Exploits0
Exploit DB
Exploit DB
added 2004/09/05 12:0 a.m.26 views

PSNews 1.1 - 'No' Cross-Site Scripting

source: https://www.securityfocus.com/bid/11124/info PSNews is a Web application that is implemented in PHP. PSNews is affected by a cross-site scripting vulnerability. This issue is due to a failure of the application to properly sanitize user-supplied URI input. This vulnerability is reported t...

7AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2004/09/02 12:0 a.m.188 views

IlohaMail user Parameter XSS

According to its banner, the remote web server is running IlohaMail version 0.8.10 or earlier. Such versions do not properly sanitize the 'user' parameter before using it to generate dynamic HTML output. An attacker may be able to leverage this to inject arbitrary HTML and script code into a user...

5.8AI score
Exploits0References1
Debian CVE
Debian CVE
added 2004/09/01 4:0 a.m.16 views

CVE-2002-1307

Cross-site scripting vulnerability XSS in MHonArc 2.5.12 and earlier allows remote attackers to insert script or HTML via an email message with the script in a MIME header name...

6.8CVSS5.7AI score0.04022EPSS
Exploits0
Exploit DB
Exploit DB
added 2004/08/23 12:0 a.m.22 views

PhotoADay - 'Pad_selected' Cross-Site Scripting

source: https://www.securityfocus.com/bid/11009/info It is reported that PhotoADay is affected by a cross-site scripting vulnerability. This issue is due to a failure of the application to properly sanitize user-supplied URI input. This issue could permit a remote attacker to create a malicious U...

7.4AI score
Exploits0
OSV
OSV
added 2004/08/21 4:0 a.m.9 views

CVE-2004-1735

Cross-site scripting XSS vulnerability in the create list option in Sympa 4.1.x and earlier allows remote authenticated users to inject arbitrary web script or HTML via the description field...

5.3AI score
Exploits0References5
CERT
CERT
added 2004/08/11 12:0 a.m.32 views

Microsoft Outlook Web Access contains vulnerability in HTML redirection query

Overview A cross-site scripting vulnerability in Microsoft Exchange 5.5 Outlook Web Access OWA could allow an attacker to execute arbitrary scripting code in the victim's browser. Description Outlook Web Access OWA is a component of Microsoft Exchange. By using OWA, a server that is running...

4.3CVSS5.9AI score0.20982EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2004/08/09 12:0 a.m.14 views

BreakCalendar < 1.3 XSS

The remote host seems to be running BreakCalendar, a web-based calendar. The remote version of this software is vulnerable to a cross-site scripting attack that may allow an attacker to use the remote host to perform attacks against third-party users. %NASLMINLEVEL 70300 C Tenable Network Securit...

5.5AI score
Exploits0
NVD
NVD
added 2004/08/06 4:0 a.m.23 views

CVE-2004-1711

Cross-site scripting XSS vulnerability in post.php in Moodle before 1.3 allows remote attackers to inject arbitrary web script or HTML via the reply parameter...

4.3CVSS5.7AI score0.0127EPSS
Exploits1References4
NVD
NVD
added 2004/07/29 4:0 a.m.18 views

CVE-2004-2064

Cross-site scripting XSS vulnerability in lostBook 1.1 and earlier allows remote attackers to inject arbitrary web script via the 1 Email or 2 Website fields...

4.3CVSS5.9AI score0.01875EPSS
Exploits0References6
exploitpack
exploitpack
added 2004/07/22 12:0 a.m.12 views

Imatix Xitami 2.5 - Server-Side Includes Cross-Site Scripting

Imatix Xitami 2.5 - Server-Side Includes Cross-Site Scripting source: https://www.securityfocus.com/bid/10778/info It is reported that Imatix Xitami is affected by a cross-site scripting vulnerability in the server side includes test script. This issue is due to a failure of the application to...

6.8AI score
Exploits0
Exploit DB
Exploit DB
added 2004/07/15 12:0 a.m.38 views

BoardPower Forum - &#039;ICQ.cgi&#039; Cross-Site Scripting

source: https://www.securityfocus.com/bid/10734/info BoardPower Forum is reportedly affected by a cross-site scripting vulnerability in the icq.cgi script. This issue is due to a failure of the application to properly sanitize user-supplied URI input. A remote attacker can exploit this issue by...

7.4AI score
Exploits0
Cvelist
Cvelist
added 2004/07/13 4:0 a.m.18 views

CVE-2004-0675

Cross-site scripting XSS vulnerability in 1 cart32.exe or 2 c32web.exe in Cart32 shopping cart allows remote attackers to execute arbitrary web script via the cart32 parameter to a GetLatestBuilds command...

6.2AI score0.04243EPSS
Exploits1References4
exploitpack
exploitpack
added 2004/07/05 12:0 a.m.9 views

12Planet Chat Server 2.9 - Cross-Site Scripting

12Planet Chat Server 2.9 - Cross-Site Scripting source: https://www.securityfocus.com/bid/10659/info It is reported that 12Planet Chat Server is prone to a cross-site scripting vulnerability. This issue is due to a lack of sanitization of user-supplied data. The problem presents itself when...

6.8AI score
Exploits0
Exploit DB
Exploit DB
added 2004/06/22 12:0 a.m.29 views

ArbitroWeb PHP Proxy 0.5/0.6 - Cross-Site Scripting

source: https://www.securityfocus.com/bid/10592/info It is reported that ArbitroWeb is susceptible to a cross-site scripting vulnerability in its rawURL URI parameter. The URI parameter passed to 'index.php' called 'rawURL' contains the desired target for the proxy to connect to. This parameter i...

7.4AI score
Exploits0
Rows per page
Query Builder