security flaw

Cross-site scripting XSS vulnerability in the default error page of Apache 2.0 before 2.0.43, and 1.3.x up to 1.3.26, when UseCanonicalName is "Off" and support for wildcard DNS is present, allows remote attackers to execute script as other web page visitors via the Host: header, a different...

CVE-2002-1157

Cross-site scripting vulnerability in the modssl Apache module 2.8.9 and earlier, when UseCanonicalName is off and wildcard DNS is enabled, allows remote attackers to execute script as other web site visitors, via the server name in an HTTPS response on the SSL port, which is used in a...

CVE-2002-1168

Cross-site scripting XSS vulnerability in IBM Web Traffic Express Caching Proxy Server 3.6 and 4.x before 4.0.1.26 allows remote attackers to execute script as other users via an HTTP request that contains an Location: header with a "%0a%0d" CRLF sequence, which echoes the Location as an HTTP...

CVE-2002-1167

Cross-site scripting XSS vulnerability in IBM Web Traffic Express Caching Proxy Server 3.6 and 4.x before 4.0.1.26 allows remote attackers to execute script as other users via an HTTP GET request...

Microsoft Internet Explorer 56 - Cached Objects Zone Bypass

Microsoft Internet Explorer 56 - Cached Objects Zone Bypass source: https://www.securityfocus.com/bid/6028/info Multiple vulnerabilities have been reported for Microsoft Internet Explorer. These vulnerabilities have been reported to affect Internet Explorer 5.5 to 6.0. Internet Explorer 6.0 with...

CVE-2002-0840

Cross-site scripting XSS vulnerability in the default error page of Apache 2.0 before 2.0.43, and 1.3.x up to 1.3.26, when UseCanonicalName is "Off" and support for wildcard DNS is present, allows remote attackers to execute script as other web page visitors via the Host: header, a different...

CVE-2002-0840

Cross-site scripting XSS vulnerability in the default error page of Apache 2.0 before 2.0.43, and 1.3.x up to 1.3.26, when UseCanonicalName is "Off" and support for wildcard DNS is present, allows remote attackers to execute script as other web page visitors via the Host: header, a different...

PHPRank 1.8 - add.php Cross-Site Scripting

PHPRank 1.8 - add.php Cross-Site Scripting source: https://www.securityfocus.com/bid/5945/info phpRank is a freely available web site link sharing script. It is available for Unix, Linux, and Microsoft operating systems. It has been reported that phpRank is vulnerable to cross-site scripting...

Microsoft IIS 5.0 - IDC Extension Cross-Site Scripting

Microsoft IIS 5.0 - IDC Extension Cross-Site Scripting source: https://www.securityfocus.com/bid/5900/info A vulnerability in Microsoft Internet Information Server IIS may make cross-site scripting attacks possible. When IIS receives a request for an .idc file, the server typically returns a 404...

CVE-2002-1036

Cross-site scripting vulnerability in search.pl for Fluid Dynamics Search Engine FDSE before 2.0.0.0055 allows remote attackers to execute web script via the 1 Rank or 2 Match parameters...

CVE-2002-0948

Scripts For Educators MakeBook 2.2 CGI program allows remote attackers to execute script as other visitors, or execute server-side includes SSI as the web server, via the 1 Name or 2 Email parameters, which are not properly filtered...

CVE-2002-1131

Cross-site scripting vulnerabilities in SquirrelMail 1.2.7 and earlier allows remote attackers to execute script as other web users via 1 addressbook.php, 2 options.php, 3 search.php, or 4 help.php...

CVE-2002-0959

Cross-site scripting vulnerability in Splatt Forum 3.0 allows remote attackers to execute arbitrary script as other users via an img tag with a closing quote followed by the script...

CVE-2002-1053

Cross-site scripting XSS vulnerability in W3C Jigsaw Proxy Server before 2.2.1 allows remote attackers to execute arbitrary script via a URL that contains a reference to a nonexistent host followed by the script, which is included in the resulting error message...

CVE-2002-0944

Cross-site scripting vulnerability in DeepMetrix LiveStats 5.03 through 6.2.1 allows remote attackers to execute arbitrary script as the LiveStats user via the 1 user-agent or 2 referrer, which are not filtered by the stats program...

CVE-2002-0938

Cross-site scripting vulnerability in CiscoSecure ACS 3.0 allows remote attackers to execute arbitrary script or HTML as other web users via the action argument in a link to setup.exe...

CVE-2002-0955

Cross-site scripting vulnerability in YaBB.cgi for Yet Another Bulletin Board YaBB 1 Gold SP1 and earlier allows remote attackers to execute arbitrary script as other web site visitors via script in the num parameter, which is not filtered in the resulting error message...

CVE-2002-1006

Cross-site scripting XSS vulnerability in BBC Education Text to Speech Internet Enhancer Betsie 1.5.11 and earlier allows remote attackers to execute arbitrary web script via parserl.pl...

CVE-2002-0931

Cross-site scripting vulnerabilities in MyHelpDesk 20020509, and possibly other versions, allows remote attackers to execute script as other users via a 1 Title or 2 Description when a new ticket is created by a support assistant, via the "id" parameter to the index.php script with the 3...

CVE-2002-1015

RealJukebox 2 1.0.2.340 and 1.0.2.379, and RealOne Player Gold 6.0.10.505, allows remote attackers to execute arbitrary script in the Local computer zone by inserting the script into the skin.ini file of an RJS archive, then referencing skin.ini from a web page after it has been extracted, which ...