CVE-2002-2178

Cross-site scripting XSS vulnerability in article.php module for phpWebSite 0.8.3 allows remote attackers to execute arbitrary Javascript script via the sid parameter, as demonstrated using an IMG tag...

CVE-2002-2031

Internet Explorer 5.0, 5.0.1 and 5.5 with JavaScript execution enabled allows remote attackers to determine the existence of arbitrary files via a script tag with a src parameter that references a non-JavaScript file, then using the onError event handler to monitor the results...

ArGoSoft Web-Mail security problem

ArGoSoft Web-Mail security problem. A vulnerability affects ArGoSoft Mail Server Pro for WinNT/2000/XP Version 1.8.1.9 I did not test other versions, this is the only I have, but others should be vulnerable too. The problem is in the Web-Mail interface, it is posible to execute javascript by...

CVE-2002-0902

Cross-site scripting vulnerability in phpBB 2.0.0 phpBB2 allows remote attackers to execute Javascript as other phpBB users by including a http:// and a double-quote " in the IMG tag, which bypasses phpBB's security check, terminates the src parameter of the resulting HTML IMG tag, and injects th...

Microsoft Windows Media Player ActiveX control allows execution of javascript in "already open" frames

Overview A vulnerability in the Windows Media Player may allow remote attackers to view the contents of local files on the victim's computer. Description Using the "LaunchURL" method of the Windows Media Player ActiveX control, a web page author may be able to circumvent the frame security featur...

Lycos HTMLGear - guestGear CSS HTML Injection

source: https://www.securityfocus.com/bid/5728/info Lycos htmlGEAR guestGEAR does not sanitize HTML from CSS Cascading Style-Sheets elements in guestbook fields. An attacker could capitalize on this situation to include arbitrary HTML and script code in a guestbook entries, which would be rendere...

Lycos HTMLGear - guestGear CSS HTML Injection

Lycos HTMLGear - guestGear CSS HTML Injection source: https://www.securityfocus.com/bid/5728/info Lycos htmlGEAR guestGEAR does not sanitize HTML from CSS Cascading Style-Sheets elements in guestbook fields. An attacker could capitalize on this situation to include arbitrary HTML and script code ...

CVE-2002-0458

Cross-site scripting vulnerability in News-TNK 1.2.1 and earlier allows remote attackers to execute arbitrary Javascript via the WEB parameter...

CVE-2002-0783

Opera 6.01, 6.0, and 5.12 allows remote attackers to execute arbitrary JavaScript in the security context of other sites by setting the location of a frame or iframe to a Javascript: URL...

CVE-2002-0457

Cross-site scripting vulnerability in signgbook.php for BG GuestBook 1.0 allows remote attackers to execute arbitrary Javascript via encoded tags such as , , and & in fields such as 1 name, 2 email, 3 AIM screen name, 4 website, 5 location, or 6 message...

CVE-2002-0413

Cross-site scripting vulnerability in ReBB allows remote attackers to execute arbitrary Javascript and steal cookies via an IMG tag whose URL includes the malicious script...

CVE-2002-0783

Opera 6.01, 6.0, and 5.12 allows remote attackers to execute arbitrary JavaScript in the security context of other sites by setting the location of a frame or iframe to a Javascript: URL...

Working Resources BadBlue 1.7 - 'ext.dll' Cross-Site Scripting

source: https://www.securityfocus.com/bid/5086/info BadBlue is a P2P file sharing application distributed by Working Resources. The ext.dll ISAPI does not sufficiently sanitize input. Because of this, it is possible for a user to create a custom URL containing script code that, when viewed in a...

CVE-2002-0413

Cross-site scripting vulnerability in ReBB allows remote attackers to execute arbitrary Javascript and steal cookies via an IMG tag whose URL includes the malicious script...

CVE-2002-0474

Cross-site scripting vulnerability in ZeroForum allows remote attackers to execute arbitrary Javascript on web clients by embedding the script within IMG image tag...

CVE-2002-0481

The CVE-2002-0481 issue involves Microsoft Windows Media Player and Outlook 2002. An HTML email containing an IFRAME referencing Windows Media files (.WMS or similar) can trigger onload code that calls player.LaunchURL(), allowing remote attackers to bypass Outlook security settings and execute J...

Voxel Dot Net CBms 0.x - Multiple Code Injection Vulnerabilities

source: https://www.securityfocus.com/bid/4957/info It has been reported that multiple vulnerabilities exist in CBMS. Reportedly, it is possible to inject both JavaScript and SQL code into the system. It may be possible to execute script code within the context of the site as an authenticated...

Microsoft Internet Explorer 5/6 - FTP Web View Cross-Site Scripting

source: https://www.securityfocus.com/bid/4954/info A cross site scripting issue has been reported with some versions of Microsoft Internet Explorer for Windows. Under some configurations, data included within a FTP URL will be rendered as displayed content, allowing the execution of arbitrary...

CVE-2002-0375

Cross-site scripting vulnerability in sgdynamo.exe for Sgdynamo allows remote attackers to execute arbitrary Javascript via a URL with the script in the HTNAME parameter...

CVE-2002-0217

Cross-site scripting CSS vulnerabilities in the Private Message System for XOOPS 1.0 RC1 allow remote attackers to execute Javascript on other web clients via 1 the Title field or a Private Message Box or 2 the image field parameter in pmlite.php...