4574 matches found
CVE-2002-1901
Cross-site scripting XSS vulnerability in Bodo Bauer BBGallery 1.0 allows remote attackers to inject arbitrary web script or HTML via image tags...
CVE-2002-2192
Cross-site scripting XSS vulnerability in Perception LiteServe 2.0.1 allows remote attackers to execute arbitrary web script via 1 a Host: header when DNS wildcards are supported or 2 the query string in a "dir" request to indexed folders...
CVE-2002-2422
Cross-site scripting XSS vulnerability in Compaq Insight Management Agents 2.0, 2.1, 3.6.0, 4.2 and 4.3.7 allows remote attackers to inject arbitrary web script or HTML via a URL, which inserts the script into the resulting error message...
CVE-2002-2330
Cross-site scripting XSS vulnerability in stat.pl in StatsPlus 1.25 allows remote attackers to inject arbitrary web script or HTML via 1 HTTPUSERAGENT or 2 HTTPREFERER, which is written to stats.html and executed in client browsers...
CVE-2002-1995
Cross-site scripting XSS vulnerability in phptonuke.php for PHP-Nuke allows remote attackers to inject arbitrary web script or HTML via the filnavn parameter...
CVE-2002-2362
Cross-site scripting XSS vulnerability in formheader.php in MyMarket 1.71 allows remote attackers to inject arbitrary web script or HTML via the noticemsg parameter...
CVE-2002-2296
Cross-site scripting XSS vulnerability in YaBB.pl in Yet Another Bulletin Board YaBB 1 Gold SP 1 allows remote attackers to inject arbitrary web script or HTML via the num parameter...
CVE-2002-2318
Cross-site scripting XSS vulnerability in Falcon web server 2.0.0.1009 through 2.0.0.1021 allows remote attackers to inject arbitrary web script or HTML via the URI, which is inserted into 301 error messages and executed by 404 error messages...
CVE-2002-1845
Cross-site scripting XSS vulnerability in index.php in Yet Another Bulletin Board YaBB 1.40 and 1.41 allows remote attackers to inject arbitrary web script or HTML via the password passwrd parameter...
CVE-2002-1852
Cross-site scripting XSS vulnerability in Monkey 0.5.0 allows remote attackers to inject arbitrary web script or HTML via 1 the URL or 2 a parameter to test2.pl...
CVE-2002-2359
Cross-site scripting XSS vulnerability in the FTP view feature in Mozilla 1.0 allows remote attackers to inject arbitrary web script or HTML via the title tag of an ftp URL...
CVE-2002-1681
Cross-site scripting XSS vulnerability in Slashcode CVS releases June 17 through July 1 2002 allows remote attackers to execute arbitrary script as other users by injecting script into the paragraph tag...
CVE-2002-1965
Cross-site scripting XSS vulnerability in Errors.gsl in Imatix Xitami 2.5b4 and 2.5b5 allows remote attackers to inject arbitrary web script or HTML via the 1 Javascript events, as demonstrated via an onerror event in an IMG SRC tag or 2 User-Agent field in an HTTP GET request...
PHP-Nuke 6.0 - Web Mail Remote PHP Script Execution
source: https://www.securityfocus.com/bid/6399/info A vulnerability has been discovered in the PHP-Nuke Web Mail module. When a user opens an email that contains an attachment, the file will be put in a remotely accessible web directory. It has been reported that the vulnerable module fails to...
CVE-2002-1334
Cross-site scripting XSS vulnerability in BizDesign ImageFolio 3.01 and earlier allows remote attackers to execute arbitrary web script as other users via 1 the direct parameter in imageFolio.cgi, or 2 nph-build.cgi...
CVE-2002-1335
Cross-site scripting XSS vulnerability in w3m 0.3.2 does not escape an HTML tag in a frame, which allows remote attackers to insert arbitrary web script or HTML and access files or cookies...
CVE-2002-1307
Cross-site scripting vulnerability XSS in MHonArc 2.5.12 and earlier allows remote attackers to insert script or HTML via an email message with the script in a MIME header name...
security flaw
Cross-site scripting XSS vulnerability in the default error page of Apache 2.0 before 2.0.43, and 1.3.x up to 1.3.26, when UseCanonicalName is "Off" and support for wildcard DNS is present, allows remote attackers to execute script as other web page visitors via the Host: header, a different...
security flaw
Cross-site scripting XSS vulnerability in the default error page of Apache 2.0 before 2.0.43, and 1.3.x up to 1.3.26, when UseCanonicalName is "Off" and support for wildcard DNS is present, allows remote attackers to execute script as other web page visitors via the Host: header, a different...
CVE-2002-1168
Cross-site scripting XSS vulnerability in IBM Web Traffic Express Caching Proxy Server 3.6 and 4.x before 4.0.1.26 allows remote attackers to execute script as other users via an HTTP request that contains an Location: header with a "%0a%0d" CRLF sequence, which echoes the Location as an HTTP...