PostNuke 0.723 - Multiple Cross-Site Scripting Vulnerabilities

source: https://www.securityfocus.com/bid/7898/info The PostNuke 'modules.php' script does not sufficiently sanitize data supplied via URI parameters, making it prone to cross-site scripting attacks. This could allow for execution of hostile HTML and script code in the web client of a user who...

PHP 4.x - Transparent Session ID Cross-Site Scripting

PHP 4.x - Transparent Session ID Cross-Site Scripting source: https://www.securityfocus.com/bid/7761/info A cross-site scripting vulnerability has been discovered in PHP. The problem occurs due to insufficient sanitization of the PHPSESSID URI parameter. An attacker may be capable of exploiting...

PHP 4.x - Transparent Session ID Cross-Site Scripting

source: https://www.securityfocus.com/bid/7761/info A cross-site scripting vulnerability has been discovered in PHP. The problem occurs due to insufficient sanitization of the PHPSESSID URI parameter. An attacker may be capable of exploiting this vulnerability by constructing a malicious link...

CVE-2003-0273

Cross-site scripting XSS vulnerability in the web interface for Request Tracker RT 1.0 through 1.0.7 allows remote attackers to execute script via message bodies...

EJ3 TOPo 2.2 - 'index.php' Multiple Cross-Site Scripting Vulnerabilities

source: https://www.securityfocus.com/bid/13700/info TOPo is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary script code executed in the...

CVE-2003-0115

Microsoft Internet Explorer 5.01, 5.5 and 6.0 does not properly check parameters that are passed during third party rendering, which could allow remote attackers to execute arbitrary web script, aka the "Third Party Plugin Rendering" vulnerability, a different vulnerability than CVE-2003-0233...

CVE-2003-0116

Microsoft Internet Explorer 5.01, 5.5 and 6.0 does not properly check the Cascading Style Sheet input parameter for Modal dialogs, which allows remote attackers to read files on the local system via a web page containing script that creates a dialog and then accesses the target files, aka "Modal...

CVE-2003-0273

Cross-site scripting XSS vulnerability in the web interface for Request Tracker RT 1.0 through 1.0.7 allows remote attackers to execute script via message bodies...

Opera 7.0/7.10 - JavaScript Console Single Quote Attribute Injection

source: https://www.securityfocus.com/bid/7449/info A vulnerability has been reported for Opera 7 browsers for Microsoft Windows operating systems. The vulnerability exists in the Opera JavaScript console. Attackers may exploit the vulnerability to execute script code in a sensitive context...

Microsoft Internet Explorer does not adequately validate source of dialog frame

Overview Microsoft Internet Explorer IE allows script from a dialog frame in one domain to execute in a different domain, including the Local Machine Zone. The script could read certain local files and data i.e. cookies from other web sites. In the presence of other vulnerabilities VU626395,...

CVE-2002-1434

Multiple cross-site scripting XSS vulnerabilities in the Web mail module of Kerio MailServer 5.0 allow remote attackers to execute HTML script as other users via certain URLs...

CVE-2002-1442

The Google toolbar 1.1.58 and earlier allows remote web sites to perform unauthorized toolbar operations including script execution and file reading in other zones such as "My Computer" by opening a window to tools.google.com or the res: protocol, then using script to modify the window's location...

CVE-2002-0738

CVE-2002-0738 concerns MHonArc up to version 2.5.2 and earlier, where archiving HTML mail could allow remote script execution in web clients. The root cause is inadequate filtering of Javascript within archived messages, enabling tricks such as breaking SCRIPT tags, using SCRIPT in an IMG SRC, or...

CVE-2002-0691

CVE-2002-0691 affects Microsoft Internet Explorer 5.01 and 5.5, enabling remote attackers to execute scripts in the Local Computer zone via a URL referencing a local HTML resource file (Cross-Site Scripting in Local HTML Resource, CAN-2002-0189). CERT and CVE records describe vulnerable local res...

CVE-2002-0075

CVE-2002-0075 is a cross-site scripting vulnerability in Microsoft IIS 4.0/5.0/5.1 where an attacker could cause arbitrary script to run in a user’s browser via unsanitized content in redirect error messages. The connected OpenVAS/ISS/CERT sources confirm multiple CSS issues tied to IIS, includin...

CVE-2002-0958

Technical details about CVE-2002-0958 are not publicly provided in the connected documents. No additional information on affected products, versions, root cause, exploit status, or fixes is available here. Monitor for updates from official sources.

CVE-2002-0329

Cross-site scripting vulnerability in Snitz Forums 2000 3.3.03 and earlier allows remote attackers to execute arbitrary script as other Forums 2000 users via Javascript in an IMG tag...

CVE-2002-0032

Yahoo! Messenger 5,0,0,1064 and earlier allows remote attackers to execute arbitrary script as other users via the addview parameter of a ymsgr URI...

CVE-2002-0075

Cross-site scripting vulnerability for Internet Information Server IIS 4.0, 5.0 and 5.1 allows remote attackers to execute arbitrary script as other web users via the error message used in a URL redirect ""302 Object Moved" message...

CVE-2002-0187

Cross-site scripting vulnerability in the SQLXML component of Microsoft SQL Server 2000 allows an attacker to execute arbitrary script via the root parameter as part of an XML SQL query, aka "Script Injection via XML Tag."...