CVE-2002-1688

This CVE concerns Microsoft Internet Explorer versions 5.5–6.0, where the browser history feature can be abused to execute arbitrary JavaScript in the context of a user session. An attacker can inject JavaScript into the URL, which is executed when the user clicks Back, allowing remote script exe...

CVE-2005-1659

CVE-2005-1659 : MyServer 0.8 is vulnerable to cross-site scripting via filemanager.cpp. An attacker can craft a URL containing a triple dot ("...") followed by an onmouseover event to inject arbitrary Javascript. Public sources (NVD/Red Hat/OpenVAS) consistently describe XSS affecting MyServer 0....

CVE-2005-1592

Multiple "javascript vulerabilities in BB code" in BirdBlog before 1.3.1 allow remote attackers to inject arbitrary Javascript...

security flaw

Multiple "missing security checks" in Firefox before 1.0.3 allow remote attackers to inject arbitrary Javascript into privileged pages using the search target of the Firefox sidebar...

security flaw

Firefox before 1.0.2 allows remote attackers to execute arbitrary code by tricking a user into saving a page as a Firefox sidebar panel, then using the sidebar panel to inject Javascript into a privileged page...

firefox -- arbitrary code execution from sidebar panel

A Mozilla Foundation Security Advisory states: If a user bookmarked a malicious page as a Firefox sidebar panel that page could execute arbitrary programs by opening a privileged page and injecting javascript into it...

CVE-2004-1712

Cross-site scripting XSS vulnerability in TypePad allows remote attackers to inject arbitrary Javascript via the name parameter...

Invision Power Board (IP.Board) 1.x2.0.3 - SML Code Script Injection

Invision Power Board IP.Board 1.x2.0.3 - SML Code Script Injection source: https://www.securityfocus.com/bid/12607/info Invision Power Board is reported prone to a JavaScript injection vulnerability. It is reported that the SML Code 'COLOR' tag is not sufficiently sanitized of malicious script...

Invision Power Board (IP.Board) 1.x/2.0.3 - SML Code Script Injection

source: https://www.securityfocus.com/bid/12607/info Invision Power Board is reported prone to a JavaScript injection vulnerability. It is reported that the SML Code 'COLOR' tag is not sufficiently sanitized of malicious script content. Since this could permit an attacker to inject hostile...

phpmyadmin -- arbitrary file include and XSS vulnerabilities

A phpMyAdmin security announcement reports: We received two bug reports by Maksymilian Arciemowicz about those vulnerabilities and we wish to thank him for his work. The vulnerabilities apply to those points: css/phpmyadmin.css.php was vulnerable against $cfg and GLOBALS variable injections. This...

[Full-Disclosure] XSS VULNERABILITY AT MODULE PostWrap

Bonjour, Albania Security Clan vient de decouvrir une vulnebalirite de type XSS dans le module PostWrap le problem est au niveu de /index.php?module=PostWrap&page=http://hostename.com/HACK/asc/ascmd.txt c n'est po une php injection parce que c'est protege mais on peux injecter des comandes XSS, d...

Security Advisory: BiTBOARD xss

Advisory Information -------------------- Advisory name : BiTBOARD XSS Discovered by : drhankey / it-security23.net Vendor Name : the bitshifters sdc Vendor Homepage : http://www.bitshifters.net Software : Bitboard Vulnerability Type : Cross-Site-Scripting Vulnerable Versions : 2.5 and prior...

CVE-2004-1043

Internet Explorer 6.0 on Windows XP SP2 allows remote attackers to execute arbitrary code by using the "Related Topics" command in the Help ActiveX Control hhctrl.ocx to open a Help popup window containing the PCHealth tools.htm file in the local zone and injecting Javascript to be executed, as...

CVE-2004-2174

Cross-site scripting XSS vulnerability in Custva.asp in EarlyImpact ProductCart allows remote attackers to inject arbitrary Javascript via the redirectUrl parameter...

CVE-2004-1043

Internet Explorer 6.0 on Windows XP SP2 allows remote attackers to execute arbitrary code by using the "Related Topics" command in the Help ActiveX Control hhctrl.ocx to open a Help popup window containing the PCHealth tools.htm file in the local zone and injecting Javascript to be executed, as...

YaBB Shadow BBCode Tag XSS

The remote host is using the YaBB web forum software. According to its version number, the remote version of this software is vulnerable to JavaScript injection issues using shadow or glow tags. This may allow an attacker to inject hostile JavaScript into the forum system, to steal cookie...

Google Toolbar 1.1.x - About.HTML HTML Injection

source: https://www.securityfocus.com/bid/11210/info Google Toolbar is reported prone to a HTML injection vulnerability. It is reported that the Google Toolbar 'ABOUT.HTML' page allows the injection of HTML and JavaScript code. This vulnerability may allow an attacker to inject malicious HTML and...

Mozilla Firefox < 2.0.0.15 Multiple Vulnerabilities

Binary data 4567.prm...

SeaMonkey < 1.1.10 Multiple Vulnerabilities

Binary data 4568.prm...

CVE-2004-1712

Cross-site scripting XSS vulnerability in TypePad allows remote attackers to inject arbitrary Javascript via the name parameter...