CVE-2003-0278

Cross-site scripting XSS vulnerability in normalhtml.cgi in Happycgi.com Happymall 4.3 and 4.4 allows remote attackers to insert arbitrary web script via the file parameter...

CVE-2003-0115

Microsoft Internet Explorer 5.01, 5.5 and 6.0 does not properly check parameters that are passed during third party rendering, which could allow remote attackers to execute arbitrary web script, aka the "Third Party Plugin Rendering" vulnerability, a different vulnerability than CVE-2003-0233...

CVE-2003-0273

Cross-site scripting XSS vulnerability in the web interface for Request Tracker RT 1.0 through 1.0.7 allows remote attackers to execute script via message bodies...

CVE-2002-0958

Cross-site scripting vulnerability in browse.php for PHPReactor 1.2.7 allows remote attackers to execute script as other users via the go parameter in the comments section...

CVE-2002-1053

Cross-site scripting XSS vulnerability in W3C Jigsaw Proxy Server before 2.2.1 allows remote attackers to execute arbitrary script via a URL that contains a reference to a nonexistent host followed by the script, which is included in the resulting error message...

CVE-2001-1370

prepend.php3 in PHPLib before 7.2d, when registerglobals is enabled for PHP, allows remote attackers to execute arbitrary scripts via an HTTP request that modifies $PHPLIBlibdir to point to malicious code on another server, as seen in Horde 1.2.5 and earlier, IMP before 2.2.6, and other packages...

CVE-2002-0032

Yahoo! Messenger 5,0,0,1064 and earlier allows remote attackers to execute arbitrary script as other users via the addview parameter of a ymsgr URI...

CVE-2002-0619

The Mail Merge Tool in Microsoft Word 2002 for Windows, when Microsoft Access is present on a system, allows remote attackers to execute Visual Basic VBA scripts within a mail merge document that is saved in HTML format, aka a "Variant of MS00-071, Word Mail Merge Vulnerability" CVE-2000-0788...

CVE-2002-1459

Cross-site scripting vulnerability in L-Forum 2.40 and earlier, when the "Enable HTML in messages" option is off, allows remote attackers to insert arbitrary script or HTML via message fields including 1 From, 2 E-Mail, and 3 Subject...

CVE-2002-1434

Multiple cross-site scripting XSS vulnerabilities in the Web mail module of Kerio MailServer 5.0 allow remote attackers to execute HTML script as other users via certain URLs...

CVE-2002-1455

Multiple cross-site scripting XSS vulnerabilities in OmniHTTPd allow remote attackers to insert script or HTML into web pages via 1 test.php, 2 test.shtml, or 3 redir.exe...

CVE-2003-1326

Microsoft Internet Explorer 5.5 and 6.0 allows remote attackers to bypass the cross-domain security model to run malicious script or arbitrary programs via dialog boxes, aka "Improper Cross Domain Security Validation with dialog box."...

CVE-2002-1662

Multiple cross-site scripting XSS vulnerabilities in Mambo Site Server 4.0.11 allow remote attackers to execute arbitrary script on other clients via 1 search.php and 2 the "Your name" field during account registration...

CVE-2002-1681

Cross-site scripting XSS vulnerability in Slashcode CVS releases June 17 through July 1 2002 allows remote attackers to execute arbitrary script as other users by injecting script into the paragraph tag...

CVE-2002-1680

Cross-site scripting XSS vulnerability in CGI Online Worldweb Shopping 1.1 a.k.a. COWS allows remote attackers to execute arbitrary script as other users by injecting script into 1 diagnose.cgi or 2 compatible.cgi...

CVE-2002-1700

Cross-site scripting vulnerability XSS in the missing template handler in Macromedia ColdFusion MX allows remote attackers to execute arbitrary script as other users by injecting script into the HTTP request for the name of a template, which is not filtered in the resulting 404 error message...

CVE-2002-1702

Cross-site scripting vulnerability XSS in DeltaScripts PHP Classifieds 6.0.5 allows remote attackers to execute arbitrary script as other users via the URL parameter...

CVE-2002-1727

Cross-site scripting vulnerability XSS in 1 asweb.exe and 2 asweb4.exe in askSam Web Publisher 1 and 4 allows remote attackers to execute arbitrary script as other users via a URL...

CVE-2002-1802

Cross-site scripting XSS vulnerability in Xoops 1.0 RC3 allows remote attackers to inject arbitrary web script or HTML via Javascript in an IMG tag when submitting news...

CVE-2002-1845

Cross-site scripting XSS vulnerability in index.php in Yet Another Bulletin Board YaBB 1.40 and 1.41 allows remote attackers to inject arbitrary web script or HTML via the password passwrd parameter...