PHP-Nuke 6.0 - Web Mail Script Injection

PHP-Nuke 6.0 - Web Mail Script Injection source: https://www.securityfocus.com/bid/6400/info A vulnerability has been discovered in the PHP-Nuke web mail module. Due to insufficient sanitization of HTML emails it is possible for an attacker to embed script code into malicious messages. Opening an...

Web Server Creator Web Portal 0.1 - Remote File Inclusion

source: https://www.securityfocus.com/bid/6251/info The Web Server Creator Web Portal is prone to an issue which may allow attackers to include arbitrary files from a remote server. It is possible for remote attackers to influence the include path for the customize.php and index.php scripts. As a...

Microsoft IIS 5.0 - IDC Extension Cross-Site Scripting

Microsoft IIS 5.0 - IDC Extension Cross-Site Scripting source: https://www.securityfocus.com/bid/5900/info A vulnerability in Microsoft Internet Information Server IIS may make cross-site scripting attacks possible. When IIS receives a request for an .idc file, the server typically returns a 404...

CVE-2002-1053

Cross-site scripting XSS vulnerability in W3C Jigsaw Proxy Server before 2.2.1 allows remote attackers to execute arbitrary script via a URL that contains a reference to a nonexistent host followed by the script, which is included in the resulting error message...

CVE-2002-0938

Cross-site scripting vulnerability in CiscoSecure ACS 3.0 allows remote attackers to execute arbitrary script or HTML as other web users via the action argument in a link to setup.exe...

CVE-2002-0955

Cross-site scripting vulnerability in YaBB.cgi for Yet Another Bulletin Board YaBB 1 Gold SP1 and earlier allows remote attackers to execute arbitrary script as other web site visitors via script in the num parameter, which is not filtered in the resulting error message...

CVE-2002-0944

Cross-site scripting vulnerability in DeepMetrix LiveStats 5.03 through 6.2.1 allows remote attackers to execute arbitrary script as the LiveStats user via the 1 user-agent or 2 referrer, which are not filtered by the stats program...

CVE-2002-0960

Multiple cross-site scripting vulnerabilities in Voxel Dot Net CBMS 0.7 and earlier allows remote attackers to execute arbitrary script as other CBMS users...

Microsoft Internet Explorer executes scripts when scripting has been disabled after bypassing initial security checks

Overview A vulnerability exists in Microsoft Internet Explorer that could permit an attacker to execute arbitrary script, even if the user has specifically disabled active scripting. Description Internet Explorer permits users to customize settings that enable and disable the ability of scripts t...

DaCode 1.2 - News Message HTML Injection

DaCode 1.2 - News Message HTML Injection source: https://www.securityfocus.com/bid/5798/info Problems with DaCode could make it possible to execute arbitrary script code in a vulnerable client. DaCode does not sufficiently filter potentially malicious HTML code from news posts. As a result, when ...

Drupal 4.0 - News Message HTML Injection

Drupal 4.0 - News Message HTML Injection source: https://www.securityfocus.com/bid/5801/info Problems with Drupal could allow an attacker to execute arbitrary script code in a vulnerable client. Drupal fails to sufficiently filter potentially malicious HTML code from news posts. As a result, when...

PHP-Nuke 6.0 - News Message HTML Injection

source: https://www.securityfocus.com/bid/5796/info Problems with PHPNuke could make it possible to execute arbitrary script code in a vulnerable client. PHPNuke does not sufficiently filter potentially malicious HTML code from news posts. As a result, when a user views a news posting that contai...

NPDS 4.8 - News Message HTML Injection

NPDS 4.8 - News Message HTML Injection source: https://www.securityfocus.com/bid/5797/info Problems with NPDS could make it possible to execute arbitrary script code in a vulnerable client. NPDS does not sufficiently filter potentially malicious HTML code from news posts. As a result, when a user...

NPDS 4.8 - News Message HTML Injection

source: https://www.securityfocus.com/bid/5797/info Problems with NPDS could make it possible to execute arbitrary script code in a vulnerable client. NPDS does not sufficiently filter potentially malicious HTML code from news posts. As a result, when a user views a news posting that contains...

DaCode 1.2 - News Message HTML Injection

source: https://www.securityfocus.com/bid/5798/info Problems with DaCode could make it possible to execute arbitrary script code in a vulnerable client. DaCode does not sufficiently filter potentially malicious HTML code from news posts. As a result, when a user views a news posting that contains...

phpWebSite 0.8.3 - News Message HTML Injection

source: https://www.securityfocus.com/bid/5802/info Problems with phpWebSite could make it possible to execute arbitrary script code in a vulnerable client. phpWebSite does not sufficiently filter potentially malicious HTML code from news posts. As a result, when a user views a news posting that...

ACWeb 1.141.8 - Cross-Site Scripting

ACWeb 1.141.8 - Cross-Site Scripting source: https://www.securityfocus.com/bid/5793/info acWEB is prone to cross-site scripting attacks. It is possible to construct a malicious link to the web server which contains arbitrary script code. When the link is visited, the script code will be executed ...

Drupal 4.0 - News Message HTML Injection

source: https://www.securityfocus.com/bid/5801/info Problems with Drupal could allow an attacker to execute arbitrary script code in a vulnerable client. Drupal fails to sufficiently filter potentially malicious HTML code from news posts. As a result, when a user views a news posting that contain...

XOOPS 1.0 RC3 - HTML Injection

source: https://www.securityfocus.com/bid/5785/info Problems with XOOPS could make it possible to execute arbitrary script code in a vulnerable client. XOOPS does not sufficiently filter potentially malicious HTML code from posted messages. As a result, when a user views a message posting that...

XOOPS 1.0 RC3 - HTML Injection

XOOPS 1.0 RC3 - HTML Injection source: https://www.securityfocus.com/bid/5785/info Problems with XOOPS could make it possible to execute arbitrary script code in a vulnerable client. XOOPS does not sufficiently filter potentially malicious HTML code from posted messages. As a result, when a user...