XMB Forum 1.8 - buddy.php?action Cross-Site Scripting
source: https://www.securityfocus.com/bid/8013/info XMB Forum has been reported prone to multiple cross-site scripting and HTML-injection vulnerabilities because the application fails to sanitize user-supplied data. An attacker may exploit any...
XMB Forum 1.8 - 'member.php?member' Cross-Site Scripting
source: https://www.securityfocus.com/bid/8013/info XMB Forum has been reported prone to multiple cross-site scripting and HTML-injection vulnerabilities because the application fails to sanitize user-supplied data. An attacker may exploit any one of these vulnerabilities to execute arbitrary...
XMB Forum 1.8 - 'buddy.php?action' Cross-Site Scripting
source: https://www.securityfocus.com/bid/8013/info XMB Forum has been reported prone to multiple cross-site scripting and HTML-injection vulnerabilities because the application fails to sanitize user-supplied data. An attacker may exploit any one of these vulnerabilities to execute arbitrary...
XMB Forum 1.8 - member.php?member Cross-Site Scripting
source: https://www.securityfocus.com/bid/8013/info XMB Forum has been reported prone to multiple cross-site scripting and HTML-injection vulnerabilities because the application fails to sanitize user-supplied data. An attacker may exploit an...
PHP 4.x - Transparent Session ID Cross-Site Scripting
source: https://www.securityfocus.com/bid/7761/info A cross-site scripting vulnerability has been discovered in PHP. The problem occurs due to insufficient sanitization of the PHPSESSID URI parameter. An attacker may be capable of exploiting...
PHP 4.x - Transparent Session ID Cross-Site Scripting
source: https://www.securityfocus.com/bid/7761/info A cross-site scripting vulnerability has been discovered in PHP. The problem occurs due to insufficient sanitization of the PHPSESSID URI parameter. An attacker may be capable of exploiting this vulnerability by constructing a malicious link...
Happymall E-Commerce Software 4.34.4 - Normal_HTML.cgi Cross-Site Scripting
source: https://www.securityfocus.com/bid/7557/info It has been reported that Happymall E-Commerce is prone to cross-site scripting attacks. The problem occurs due to insufficient sanitization of user-supplied URI...
Basic Analysis and Security Engine (BASE) 1.2.4 - PrintFreshPage Cross-Site Scripting
source: https://www.securityfocus.com/bid/17391/info BASE is prone to a cross-site scripting vulnerability. The application fails to properly sanitize user-supplied input in the 'PrintFreshPage' function. An...
CVE-2002-0187
Cross-site scripting vulnerability in the SQLXML component of Microsoft SQL Server 2000 allows an attacker to execute arbitrary script via the root parameter as part of an XML SQL query, aka "Script Injection via XML Tag."...
CVE-2002-0329
Cross-site scripting vulnerability in Snitz Forums 2000 3.3.03 and earlier allows remote attackers to execute arbitrary script as other Forums 2000 users via Javascript in an IMG tag...
CVE-2002-0733
Cross-site scripting vulnerability in thttpd 2.20 and earlier allows remote attackers to execute arbitrary script via a URL to a nonexistent page, which causes thttpd to insert the script into a 404 error message...
CVE-2002-0989
CVE-2002-0989 affects Gaim prior to 0.59.1. The vulnerability lies in the URL handler of the manual browser option, where a crafted link containing shell metacharacters can lead to remote command execution. References from Red Hat, Debian, Mandrake, and Red Hat advisories indicate updating to 0.5...
CVE-2002-1529
Cross-site scripting (XSS) vulnerability in msgError.asp for the administrative web interface (STEMWADM) for SurfControl SuperScout Email Filter allows remote attackers to insert arbitrary script or HTML via the Reason parameter...
Nuked-Klan index.php Multiple Module Vulnerabilities
The instance of Nuked-klan running on the remote web server is affected by multiple vulnerabilities due to a failure to sanitize user-supplied input to several parameters before using them in the 'Team', 'News', and 'Liens' modules to display dynamic HTML. An unauthenticated, remote attacker can...
CVE-2002-1533
Cross-site scripting (XSS) vulnerability in Jetty JSP servlet engine allows remote attackers to insert arbitrary HTML or script via an HTTP request to a .jsp file whose name contains the malicious script and some encoded linefeed characters (%0a)...
Microsoft Windows Me and XP Help and Support Center does not adequately validate hcp:// URI parameters
Overview The Help and Support Center included with Microsoft Windows Millennium Edition and XP does not adequately validate parameters provided in an "hcp://" URI. As a result, an attacker could construct a URI that could cause the Help and Support Center to execute arbitrary script, effectively...
CVE-2002-1703
Cross-site scripting vulnerability (XSS) in auction.cgi for Mewsoft NetAuction 3.0 allows remote attackers to execute arbitrary script as other users via the Term parameter...
CVE-2002-2011
Cross-site scripting (XSS) vulnerability in the fom CGI program (fom.cgi) in Faq-O-Matic 2.711 and 2.712 allows remote attackers to inject arbitrary web script or HTML via the file parameter...
CVE-2002-1724
Cross-site scripting vulnerability (XSS) in phpimageview.php for PHPImageView 1.0 allows remote attackers to execute arbitrary script as other users via the pic parameter...
CVE-2002-1729
Cross-site scripting vulnerability (XSS) in ASPjar Guestbook 1.00 allows remote attackers to execute arbitrary script as other users via the "web site" parameter in a guestbook message...