CVE-2002-0504

Cross-site scripting vulnerability in Citrix NFuse 1.6 and earlier does not quote results from the getLastError method, which allows remote attackers to execute script in other clients via the NFuseApplication parameter to 1 launch.jsp or 2 launch.asp...

CVE-2002-0521

Cross-site scripting vulnerabilities in ASP-Nuke RC2 and earlier allow remote attackers to execute script or gain privileges as other ASP-Nuke users via script in 1 the name parameter in downloads.asp, 2 the message parameter in Post.asp, or 3 a web site URL in profile.asp...

CVE-2002-0475

The CVE-2002-0475 entry describes a cross-site scripting (XSS) vulnerability in phpBB versions 1.4.4 and earlier. The flaw allows remote attackers to cause arbitrary JavaScript execution on a user’s browser by embedding a script inside an IMG tag while editing a message. Affected software is phpB...

CVE-2002-0549

Cross-site scripting vulnerabilities in Anthill allow remote attackers to execute script as other Anthill users...

CVE-2002-0530

Cross-site scripting vulnerability in Novell Web Search 2.0.1 allows remote attackers to execute arbitrary script as other Web Search users via the search parameter...

CVE-2002-0411

AeroMail

CVE-2002-0535

Cross-site scripting vulnerabilities in PostBoard 2.0.1 and earlier allows remote attackers to execute script as other users via 1 an IMG tag when BBCode is enabled, or 2 in a topic title...

Microsoft Internet Explorer 'Folder View for FTP sites' Script Execution vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 + Title: Microsoft Internet Explorer 'Folder View for FTP sites' Script Execution vulnerability + Date: 7 June 2002 + Author: Eiji James Yoshida [email protected] + Risk: Medium + Vulnerable: Windows2000 SP2 IE5.5SP1 Windows2000 SP2 IE5.5SP2...

Splatt Forum 3.0 - Image Tag HTML Injection

Splatt Forum 3.0 - Image Tag HTML Injection source: https://www.securityfocus.com/bid/4953/info Splatt Forum does not filter HTML from image tags. This may allow an attacker to inject arbitrary script code in forum messages. Injected script code will be executed in the browser of an arbitrary web...

CVE-2002-0388

Cross-site scripting vulnerabilities in Mailman before 2.0.11 allow remote attackers to execute script via 1 the admin login page, or 2 the Pipermail index summaries...

CVE-2002-0243

Cross-site scripting vulnerability in Opera 6.0 and earlier allows remote attackers to execute arbitrary script via an Extended HTML Form, whose output from the remote server is not properly cleansed...

CVE-2002-0269

Internet Explorer 5.x and 6 interprets an object as an HTML document even when its MIME Content-Type is text/plain, which could allow remote attackers to execute arbitrary script in documents that the user does not expect, possibly through web applications that use a text/plain type to prevent...

Yahoo Messenger - Multiple Vulnerabilities

Yahoo! Instant Messenger YIM Hi-Jack 101-- Multiple Vulnerabilities & Demonstration Exploit Date : 05/02/2002 Version : Yahoo! Messenger 5, 0, 0, 1061 latest build at time Platforms : Win98, Win2K, XP Pro and likely all Windows versions Severity : Medium - High Contents : 01. Summary 02...

PHPBB2 - Image Tag HTML Injection

source: https://www.securityfocus.com/bid/4858/info It is possible to inject arbitrary HTML into phpBB2 forum messages via the use of BBCode image tags. A similar issue is described in Bugtraq ID 4379 "PHPBB Image Tag User-Embedded Scripting Vulnerability". However, phpBB2 was found to not be...

PHPBB2 - Image Tag HTML Injection

PHPBB2 - Image Tag HTML Injection source: https://www.securityfocus.com/bid/4858/info It is possible to inject arbitrary HTML into phpBB2 forum messages via the use of BBCode image tags. A similar issue is described in Bugtraq ID 4379 "PHPBB Image Tag User-Embedded Scripting Vulnerability"...

GNU Mailman 2.0.x - Admin Login Cross-Site Scripting

GNU Mailman 2.0.x - Admin Login Cross-Site Scripting source: https://www.securityfocus.com/bid/4825/info GNU Mailman is prone to a cross-site scripting vulnerability. An attacker may construct a malicious link to the administrative login page, which contains arbitrary HTML and script code. A user...

CVE-2002-0189

Cross-site scripting vulnerability in Internet Explorer 6.0 allows remote attackers to execute scripts in the Local Computer zone via a URL that exploits a local HTML resource file, aka the "Cross-Site Scripting in Local HTML Resource" vulnerability...

CVE-2002-0205

Cross-site scripting CSS vulnerability in error.asp for Plumtree Corporate Portal 3.5 through 4.5 allows remote attackers to execute arbitrary script on other clients via the "Description" parameter...

CVE-2002-1056

Microsoft Outlook 2000 and 2002, when configured to use Microsoft Word as the email editor, does not block scripts that are used while editing email messages in HTML or Rich Text Format RTF, which could allow remote attackers to execute arbitrary scripts via an email that the user forwards or...

CVE-2002-0270

Opera, when configured with the "Determine action by MIME type" option disabled, interprets an object as an HTML document even when its MIME Content-Type is text/plain, which could allow remote attackers to execute arbitrary script in documents that the user does not expect, possibly through web...