CVE-2004-1599

Cross-site scripting XSS vulnerability in index.php in CoolPHP 1.0-stable allows remote attackers to execute arbitrary web script or HTML via the 1 query or 2 nick parameters...

DCP-Portal 3.7/4.x/5.x - 'announcement.php?cid' Cross-Site Scripting

source: https://www.securityfocus.com/bid/11338/info DCP-Portal is reported prone to multiple cross-site scripting vulnerabilities. It is reported that DCP-Portal does not sufficiently filter URI parameters supplied to several scripts. Because of this deficiency, it is possible for a remote...

DCP-Portal 3.7/4.x/5.x - 'index.php' Multiple Cross-Site Scripting Vulnerabilities

source: https://www.securityfocus.com/bid/11338/info DCP-Portal is reported prone to multiple cross-site scripting vulnerabilities. It is reported that DCP-Portal does not sufficiently filter URI parameters supplied to several scripts. Because of this deficiency, it is possible for a remote...

DCP-Portal 3.7/4.x/5.x - 'news.php?cid' Cross-Site Scripting

source: https://www.securityfocus.com/bid/11338/info DCP-Portal is reported prone to multiple cross-site scripting vulnerabilities. It is reported that DCP-Portal does not sufficiently filter URI parameters supplied to several scripts. Because of this deficiency, it is possible for a remote...

Mambo Open Source 4.5.1 (1.0.9) - Cross-Site Scripting

Mambo Open Source 4.5.1 1.0.9 - Cross-Site Scripting source: https://www.securityfocus.com/bid/11220/info Mambo open source is reportedly affected by multiple input validation vulnerabilities. These issues are due to a failure of the application to properly validate user-supplied URI parameters. ...

CVE-2004-1690

Cross-site scripting XSS vulnerability in the Web Server in DNS4Me 3.0.0.4 allows remote attackers to execute arbitrary web script or HTML via the URL...

PerlDesk < 2 pdesk.cgi lang Parameter Traversal Server-Side Script Execution

Binary data 2278.prm...

CVE-2004-0820

Winamp before 5.0.4 allows remote attackers to execute arbitrary script in the Local computer zone via script in HTML files that are referenced from XML files contained in a .wsz skin file...

CVE-2002-0615

The Windows Media Active Playlist in Microsoft Windows Media Player 7.1 stores information in a well known location on the local file system, allowing attackers to execute HTML scripts in the Local Computer zone, aka "Media Playback Script Invocation"...

CVE-2002-0682

Cross-site scripting vulnerability in Apache Tomcat 4.0.3 allows remote attackers to execute script as other web users via script in a URL with the /servlet/ mapping, which does not filter the script when an exception is thrown by the servlet...

CVE-2002-0546

CVE-2002-0546: In the Winamp mini-browser (versions 2.78 and 2.79), the HTML/JS execution vulnerability is triggered by crafted ID3v1/ID3v2 tags in MP3 files, allowing remote script execution. The root cause is cross-site scripting within the mini-browser component when processing MP3 metadata. E...

CVE-2002-0615

CVE-2002-0615 affects Windows Media Player 7.1 (and related Media Player versions) where the Windows Media Active Playlist stores data in a well-known local file path, enabling HTML script execution in the Local Computer zone. Connected documentation also references MS02-032 (patch 320920) that f...

CVE-2002-0840

Cross-site scripting XSS vulnerability in the default error page of Apache 2.0 before 2.0.43, and 1.3.x up to 1.3.26, when UseCanonicalName is "Off" and support for wildcard DNS is present, allows remote attackers to execute script as other web page visitors via the Host: header, a different...

Newtelligence DasBlog 1.x - Request Log HTML Injection

Newtelligence DasBlog 1.x - Request Log HTML Injection source: https://www.securityfocus.com/bid/11086/info DasBlog is reportedly susceptible to an HTML injection vulnerability in its request log. This vulnerability is due to a failure of the application to properly sanitize user-supplied input...

GLSA-200406-11 : Horde-IMP: Input validation vulnerability

The remote host is affected by the vulnerability described in GLSA-200406-11 Horde-IMP: Input validation vulnerability Horde-IMP fails to properly sanitize email messages that contain malicious HTML or script code. Impact : By enticing a user to read a specially crafted e-mail, an attacker can...

GLSA-200406-08 : Squirrelmail: Another XSS vulnerability

The remote host is affected by the vulnerability described in GLSA-200406-08 Squirrelmail: Another XSS vulnerability A new cross-site scripting XSS vulnerability in Squirrelmail-1.4.3rc1 has been discovered. In functions/mime.php Squirrelmail fails to properly sanitize user input. Impact : By...

CVE-2004-0820

Winamp before 5.0.4 allows remote attackers to execute arbitrary script in the Local computer zone via script in HTML files that are referenced from XML files contained in a .wsz skin file...

Nagl XOOPS Dictionary Module 1.0 - Multiple Cross-Site Scripting Vulnerabilities

source: https://www.securityfocus.com/bid/11064/info Reportedly the XOOPS Dictionary Module by Nagle is affected by multiple cross-site scripting vulnerabilities. This issue is due to a failure of the application to properly sanitize user-supplied URI input. As a result of this issue and attacker...

VulnCheck KEV: CVE-2004-0820

Winamp before 5.0.4 allows remote attackers to execute arbitrary script in the Local computer zone via script in HTML files that are referenced from XML files contained in a .wsz skin file...

HastyMail HTML Attachment Script Execution

The remote host is running HastyMail, a PHP-based mail client application. The installed version contains a flaw caused by email attachments not being properly defined int he Content-Disposition HTTP header. An attacker could exploit this flaw to inject Javascript or ActiveX code in an attachment...