CVE-2002-0783

Opera 6.01, 6.0, and 5.12 allows remote attackers to execute arbitrary JavaScript in the security context of other sites by setting the location of a frame or iframe to a Javascript: URL...

Working Resources BadBlue 1.7 - 'ext.dll' Cross-Site Scripting

source: https://www.securityfocus.com/bid/5086/info BadBlue is a P2P file sharing application distributed by Working Resources. The ext.dll ISAPI does not sufficiently sanitize input. Because of this, it is possible for a user to create a custom URL containing script code that, when viewed in a...

CVE-2002-0413

Cross-site scripting vulnerability in ReBB allows remote attackers to execute arbitrary Javascript and steal cookies via an IMG tag whose URL includes the malicious script...

CVE-2002-0474

Cross-site scripting vulnerability in ZeroForum allows remote attackers to execute arbitrary Javascript on web clients by embedding the script within IMG image tag...

CVE-2002-0481

The CVE-2002-0481 issue involves Microsoft Windows Media Player and Outlook 2002. An HTML email containing an IFRAME referencing Windows Media files (.WMS or similar) can trigger onload code that calls player.LaunchURL(), allowing remote attackers to bypass Outlook security settings and execute J...

Voxel Dot Net CBms 0.x - Multiple Code Injection Vulnerabilities

source: https://www.securityfocus.com/bid/4957/info It has been reported that multiple vulnerabilities exist in CBMS. Reportedly, it is possible to inject both JavaScript and SQL code into the system. It may be possible to execute script code within the context of the site as an authenticated...

Microsoft Internet Explorer 5/6 - FTP Web View Cross-Site Scripting

source: https://www.securityfocus.com/bid/4954/info A cross site scripting issue has been reported with some versions of Microsoft Internet Explorer for Windows. Under some configurations, data included within a FTP URL will be rendered as displayed content, allowing the execution of arbitrary...

CVE-2002-0375

Cross-site scripting vulnerability in sgdynamo.exe for Sgdynamo allows remote attackers to execute arbitrary Javascript via a URL with the script in the HTNAME parameter...

CVE-2002-0217

Cross-site scripting CSS vulnerabilities in the Private Message System for XOOPS 1.0 RC1 allow remote attackers to execute Javascript on other web clients via 1 the Title field or a Private Message Box or 2 the image field parameter in pmlite.php...

CVE-2001-1257

Cross-site scripting vulnerability in Horde Internet Messaging Program IMP before 2.2.6 and 1.2.6 allows remote attackers to execute arbitrary Javascript embedded in an email...

[NT] Lil' HTTP Server "Referer" Cross Site Scripting Vulnerability

The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com - - promotion When was the last time you checked your server's security? How about a monthly report? http://www.AutomatedScanning.com - Know that you're...

Cookie access via res:\\ and about:\\ in Microsoft Internet Explorer

It's possible to use about: and res: URl to execute javascript in context of any page and local machine...

How Outlook 2002 can still execute JavaScript in an HTML email message

Hello, Windows Media Player WMP reintroduces the ability to automatically execute JavaScript code from an HTML email message in Outlook 2002. JavaScript is disabled by default in Outlook 2002, because it can facilitate the creation of worms and other malicious code which is carried by HTML email...

CVE-2001-1212

Cross-site scripting vulnerability in catgy.cgi for Aktivate 1.03 allows remote attackers to execute arbitrary Javascript via the desc parameter...

CVE-2001-1202

CVE-2001-1202 affects DeleGate versions 7.7.0 and 7.7.1. The root cause is that scripting commands are not quoted in a 403 Forbidden error page, enabling remote attackers to trigger cross‑site scripting by using a URL that generates an error. Consequence is arbitrary Javascript execution on other...

php-nuke.5.5.css.txt

PHP-Nuke is a PHP based portal management system used at thousands of sites. A Cross Site Scripting vulnerability has been discovered in the PHP-Nuke version 5.5 and prior versions. There is a function called Private Messages in PHP-Nuke by which the registered users of the site can send messages...

FreeBSD-SA-02:16.netscape

-----BEGIN PGP SIGNED MESSAGE----- ============================================================================= FreeBSD-SA-02:16 Security Advisory FreeBSD, Inc. Topic: GIF/JPEG comment vulnerability in Netscape Category: ports Module: netscape Announced: 2002-03-12 Credits: Florian Wesch Affects...

Cobalt cube3 css

Try either of the following URLs against your RAQ3 http://host/nav/cList.php?root=/scripth1www.snosoft.com rocks/h1 http://host/nav/cList.php?root=/scriptscriptalert'Snosoft Rocks'/script You will see your code followed by this chunk of java code that was trying to run. "; // get tab configuratio...

CVE-2001-1202

Cross-site scripting vulnerability in DeleGate 7.7.0 and 7.7.1 does not quote scripting commands within a "403 Forbidden" error page, which allows remote attackers to execute arbitrary Javascript on other clients via a URL that generates an error...

CVE-2001-1352

Cross-site scripting vulnerability in Namazu 2.0.9 and earlier allows remote attackers to execute arbitrary Javascript as other web users via an error message that is returned when an invalid index file is specified in the idxname parameter...