CVE-2002-0960

Multiple cross-site scripting vulnerabilities in Voxel Dot Net CBMS 0.7 and earlier allows remote attackers to execute arbitrary script as other CBMS users...

CVE-2002-0962

CVE-2002-0962 corresponds to a cross-site scripting vulnerability in GeekLog 1.3.5 and earlier. The connected Nessus entry links this CVE to GeekLog

CVE-2002-0944

Cross-site scripting vulnerability in DeepMetrix LiveStats 5.03 through 6.2.1 allows remote attackers to execute arbitrary script as the LiveStats user via the 1 user-agent or 2 referrer, which are not filtered by the stats program...

CVE-2002-0955

Cross-site scripting vulnerability in YaBB.cgi for Yet Another Bulletin Board YaBB 1 Gold SP1 and earlier allows remote attackers to execute arbitrary script as other web site visitors via script in the num parameter, which is not filtered in the resulting error message...

CVE-2002-0959

The CVE-2002-0959 entry refers to a Cross-site scripting vulnerability in Splatt Forum 3.0. The issue allows remote attackers to execute arbitrary script as other users by abusing an tag with a closing quote followed by malicious script. According to the NVD entry, the vulnerability has a base s...

CVE-2002-0944

Cross-site scripting vulnerability in DeepMetrix LiveStats 5.03–6.2.1 allows remote attackers to execute arbitrary script as the LiveStats user via the (1) user-agent or (2) referrer, which are not filtered by the stats program. Affected: DeepMetrix LiveStats versions 5.03 through 6.2.1. Impact: ...

[SECURITY] [DSA 156-1] New Light package fixes arbitrary script execution

-------------------------------------------------------------------------- Debian Security Advisory DSA 156-1 [email protected] http://www.debian.org/security/ Martin Schulze August 22th, 2002 http://www.debian.org/security/faq -...

[SECURITY] [DSA 156-1] New Light package fixes arbitrary script execution

-------------------------------------------------------------------------- Debian Security Advisory DSA 156-1 [email protected] http://www.debian.org/security/ Martin Schulze August 22th, 2002 http://www.debian.org/security/faq -...

CVE-2002-0530

Cross-site scripting vulnerability in Novell Web Search 2.0.1 allows remote attackers to execute arbitrary script as other Web Search users via the search parameter...

CVE-2002-0731

The CVE-2002-0731 entry describes a Cross-site scripting vulnerability in the demonstration scripts for vqServer. The issue arises when an attacker can craft a link with script code in the arguments to demo scripts (e.g., respond.pl), enabling remote script execution in the victim’s browser via s...

CVE-2002-0732

CVE-2002-0732 is a cross-site scripting vulnerability in MyGuestbook 1.0. The issue enables remote attackers to execute arbitrary script or inject HTML via fields such as user name and comments due to insufficient input validation. Affected: MyGuestbook 1.0 (version 1.0). Impact is remote script ...

GNU Mailman 2.0.x - Subscribe Cross-Site Scripting

source: https://www.securityfocus.com/bid/5298/info GNU Mailman is prone to a cross-site scripting vulnerability. Arbitrary HTML and script code are not sanitized from the URI parameters of mailing list subscribe scripts. An attacker may exploit this issue by creating a malicious link containing...

CVE-2002-0117

Cross-site scripting vulnerability in Yet Another Bulletin Board YaBB 1 Gold SP 1 and earlier allows remote attackers to execute arbitrary script and steal cookies via a message containing encoded Javascript in an IMG tag...

CVE-2002-0346

Cross-site scripting vulnerability in Cobalt RAQ 4 allows remote attackers to execute arbitrary script as other Cobalt users via Javascript in a URL to 1 service.cgi or 2 alert.cgi...

CVE-2002-0590

Cross-site scripting (XSS) in IcrediBB 1.1 Beta allows remote attackers to execute arbitrary script and steal cookies via the title or body of posts. The vulnerability affects the web application’s posting features and stems from improper handling/encoding of user-supplied input. Impact is descri...

CVE-2002-0530

Cross-site scripting vulnerability in Novell Web Search 2.0.1 allows remote attackers to execute arbitrary script as other Web Search users via the search parameter...

Splatt Forum 3.0 - Image Tag HTML Injection

source: https://www.securityfocus.com/bid/4953/info Splatt Forum does not filter HTML from image tags. This may allow an attacker to inject arbitrary script code in forum messages. Injected script code will be executed in the browser of an arbitrary web user who views the malicious forum message,...

CVE-2002-0242

Cross-site scripting vulnerability in Internet Explorer 6 earlier allows remote attackers to execute arbitrary script via an Extended HTML Form, whose output from the remote server is not properly cleansed...

CVE-2002-0238

Cross-site scripting vulnerability in web administration interface for NetGear RT314 and RT311 Gateway Routers allows remote attackers to execute arbitrary script on another client via a URL that contains the script...

PHPBB2 - Image Tag HTML Injection

source: https://www.securityfocus.com/bid/4858/info It is possible to inject arbitrary HTML into phpBB2 forum messages via the use of BBCode image tags. A similar issue is described in Bugtraq ID 4379 "PHPBB Image Tag User-Embedded Scripting Vulnerability". However, phpBB2 was found to not be...