Basit 1.0 Search Module - Cross-Site Scripting

Basit 1.0 Search Module - Cross-Site Scripting source: https://www.securityfocus.com/bid/7142/info A cross-site scripting vulnerability has been reported for Basit. This vulnerability occurs due to insufficient sanitization of some user-supplied input. As a result of this deficiency an attacker m...

RSA ClearTrust 4.64.7 - Login Page Cross-Site Scripting

RSA ClearTrust 4.64.7 - Login Page Cross-Site Scripting source: https://www.securityfocus.com/bid/7108/info A cross-site scripting vulnerability has been discovered in ClearTrust. Specifically, the login page for the management application is not properly sanitized of some user-supplied values. A...

myPHPNuke 1.8.8 - 'links.php' Cross-Site Scripting

source: https://www.securityfocus.com/bid/6892/info Reportedly, myPHPNuke 'links.php' does not adequately filter HTML code thus making it prone to cross-site scripting attacks. It is possible for a remote attacker to create a malicious link containing script code that will be executed in the...

[SECURITY] [DSA 221-1] New mhonarc packages fix cross site scripting

-------------------------------------------------------------------------- Debian Security Advisory DSA 221-1 [email protected] http://www.debian.org/security/ Martin Schulze January 3rd, 2003 http://www.debian.org/security/faq -...

DSA-221 mhonarc - cross site scripting

Bulletin has no description...

CVE-2002-1700

Cross-site scripting vulnerability XSS in the missing template handler in Macromedia ColdFusion MX allows remote attackers to execute arbitrary script as other users by injecting script into the HTTP request for the name of a template, which is not filtered in the resulting 404 error message...

CVE-2002-1727

Cross-site scripting vulnerability XSS in 1 asweb.exe and 2 asweb4.exe in askSam Web Publisher 1 and 4 allows remote attackers to execute arbitrary script as other users via a URL...

CVE-2002-1893

Cross-site scripting XSS vulnerability in ArGoSoft Mail Server Pro 1.8.1.9 allows remote attackers to inject arbitrary web script or HTML via the e-mail message...

CVE-2002-2062

Cross-site scripting XSS vulnerability in ftp.htt in Internet Explorer 5.5 and 6.0, when running on Windows 2000 with "Enable folder view for FTP sites" and "Enable Web content in folders" selected, allows remote attackers to inject arbitrary web script or HTML via the hostname portion of an FTP...

CVE-2002-1799

Cross-site scripting XSS vulnerability in phpRank 1.8 allows remote attackers to inject arbitrary web script or HTML via the 1 email parameter to add.php or 2 banurl parameter...

CVE-2002-2044

Cross-site scripting XSS vulnerability in xstatadmin.php in x-stat 2.3 and earlier allows remote attackers to inject arbitrary web script or HTML via a parameter to the phpinfo action...

CVE-2002-1702

Cross-site scripting vulnerability XSS in DeltaScripts PHP Classifieds 6.0.5 allows remote attackers to execute arbitrary script as other users via the URL parameter...

CVE-2002-2192

Cross-site scripting XSS vulnerability in Perception LiteServe 2.0.1 allows remote attackers to execute arbitrary web script via 1 a Host: header when DNS wildcards are supported or 2 the query string in a "dir" request to indexed folders...

CVE-2002-1899

Cross-site scripting XSS vulnerability in IceWarp Web Mail 3.3.3 and 3.4.5 allows remote attackers to inject arbitrary web script or HTML via the "Full Name" addressname parameter...

W-Agora 4.1.6 - 'EditForm.php' Cross-Site Scripting

source: https://www.securityfocus.com/bid/6464/info W-Agora is a freely available, open source PHP forum software package. It is available for Unix and Linux systems. A problem with W-Agora may make cross-site scripting attacks possible. It has been reported that W-Agora has a vulnerability in th...

CVE-2002-1187

Cross-site scripting vulnerability XSS in Internet Explorer 5.01 through 6.0 allows remote attackers to read and execute files on the local system via web pages using the or element and javascript, aka "Frames Cross Site Scripting," as demonstrated using the PrivacyPolicy.dlg resource...

CVE-2002-1276

An incomplete fix for a cross-site scripting XSS vulnerability in SquirrelMail 1.2.8 calls the striptags function on the PHPSELF value but does not save the result back to that variable, leaving it open to cross-site scripting attacks...

[Sec-Tec Advisory] Local scripting vulnerability in phpBB

Application: phpBB2 Vendor : http://www.phpbb.com Problem : Insufficient filtering of user input Usability : Easy Severity : Medium Report by : Pete Foster, Sec-Tec Ltd http://www.sec-tec.com The Product From vendors site: phpBB is a high powered, fully scalable, and highly customisable open-sour...

Working Resources BadBlue 1.7.1 - Search Page Cross-Site Scripting

source: https://www.securityfocus.com/bid/6253/info The ext.dll ISAPI does not sufficiently sanitize user-supplied input when processing search queries. This may allow an attacker to create a custom URL containing script code that, when viewed in a browser by a legitimate user, will result in the...

YaBB 1.40/1.41 - Login Cross-Site Scripting

source: https://www.securityfocus.com/bid/6004/info A cross-site scripting vulnerability has been reported in the YaBB Yet Another Bulletin Board forum login script. HTML tags or script code are not sanitized from the error output of erroneous login attempts. As a result, it is possible for a...