CVE-2002-0682

Cross-site scripting vulnerability in Apache Tomcat 4.0.3 allows remote attackers to execute script as other web users via script in a URL with the /servlet/ mapping, which does not filter the script when an exception is thrown by the servlet...

CVE-2002-0681

CVE-2002-0681 : A cross-site scripting vulnerability affects GoAhead Web Server 2.1. An attacker can deliver a URL containing script that, when a 404 Not Found page is generated, is not quoted, allowing script execution in another user context. CVSS data indicates a high base score (7.5) with net...

CVE-2002-0535

Cross-site scripting vulnerabilities in PostBoard 2.0.1 and earlier allows remote attackers to execute script as other users via 1 an IMG tag when BBCode is enabled, or 2 in a topic title...

CVE-2002-0615

The Windows Media Active Playlist in Microsoft Windows Media Player 7.1 stores information in a well known location on the local file system, allowing attackers to execute HTML scripts in the Local Computer zone, aka "Media Playback Script Invocation"...

BBC Education Betsie 1.5 - Parserl.pl Cross-Site Scripting

source: https://www.securityfocus.com/bid/5135/info Betsie BBC Education Text to Speech Internet Enhancer is prone to a cross-site scripting vulnerability. This issue exists in the parserl.pl script. Attackers may exploit this condition via a malicious link to a site running the vulnerable...

security flaw

Cross-site scripting vulnerabilities in Mailman before 2.0.11 allow remote attackers to execute script via 1 the admin login page, or 2 the Pipermail index summaries...

Security Bulletin MS02-032: 26 June 2002 Cumulative Patch for Windows Media Player (Q320920)

---------------------------------------------------------------------- Title: 26 June 2002 Cumulative Patch for Windows Media Player Q320920 Date: 26 June 2002 Software: Windows Media Player Impact: Three new vulnerabilities, the most serious of which could run code of attacker's choice Max Risk:...

CVE-2002-0026

IE 5.5/6.0 remote code execution via an object handling asynchronous events after initial security checks. Exploitation would bypass scripting restrictions, enabling arbitrary script execution. Remediation notes in connected docs point to Microsoft MS02-005 (and MS05-020) patches; OpenVAS entries...

CVE-2002-0078

Affected software: Microsoft Internet Explorer 5.5 and 6.0. Vulnerability: zone determination flaw allows a script embedded in a cookie to execute in the Local Computer zone, enabling in‑the‑wild commands with the victim’s privileges. Impact: arbitrary commands can run on the target system due to...

CVE-2002-0026

Internet Explorer 5.5 and 6.0 allows remote attackers to bypass restrictions for executing scripts via an object that processes asynchronous events after the initial security checks have been made...

CVE-2002-0078

The zone determination function in Microsoft Internet Explorer 5.5 and 6.0 allows remote attackers to run scripts in the Local Computer zone by embedding the script in a cookie, aka the "Cookie-based Script Execution" vulnerability...

CVE-2002-1056

Microsoft Outlook 2000 and 2002, when configured to use Microsoft Word as the email editor, does not block scripts that are used while editing email messages in HTML or Rich Text Format RTF, which could allow remote attackers to execute arbitrary scripts via an email that the user forwards or...

CVE-2001-1161

Cross-site scripting CSS vulnerability in Lotus Domino 5.0.6 allows remote attackers to execute script on other web clients via a URL that ends in Javascript, which generates an error message that does not quote the resulting script...

CVE-2002-0316

Cross-site scripting vulnerability in eXtreme message board XMB 1.6x and earlier allows remote attackers to execute script as other XMB users by inserting the script into an IMG tag...

CVE-2002-0329

Cross-site scripting vulnerability in Snitz Forums 2000 3.3.03 and earlier allows remote attackers to execute arbitrary script as other Forums 2000 users via Javascript in an IMG tag...

CVE-2002-0330

Cross-site scripting vulnerability in codeparse.php of Open Bulletin Board OpenBB 1.0.0 allows remote attackers to execute arbitrary script and steal cookies via Javascript in the IMG tag...

Microsoft SQLXML HTTP components vulnerable to cross-site scripting via root parameter

Overview A cross-site scripting vulnerability exists in the Microsoft SQLXML HTTP components. This vulnerability could allow an attacker to execute script on a victim's system with the victim's privileges. Description Microsoft SQL Server 2000 includes a feature called SQLXML that allows the serv...

CVE-2002-0388

Cross-site scripting vulnerabilities in Mailman before 2.0.11 allow remote attackers to execute script via 1 the admin login page, or 2 the Pipermail index summaries...

PHP-Address 0.2 e - Remote File Inclusion

PHP-Address 0.2 e - Remote File Inclusion source: https://www.securityfocus.com/bid/5039/info PHP-Address is prone to an issue which may allow remote attackers to include arbitrary files located on remote servers. If the remote file is a PHP script, this may allow for execution of attacker-suppli...

osCommerce 2.1 - Remote File Inclusion

osCommerce 2.1 - Remote File Inclusion source: https://www.securityfocus.com/bid/5037/info osCommerce is prone to an issue which may allow remote attackers to include arbitrary files located on remote servers. If the remote file is a PHP script, this may allow for execution of attacker-supplied P...