CVE-2002-0205

The CVE-2002-0205 entry describes a cross‑site scripting (XSS) flaw in Plumtree Corporate Portal 3.5–4.5, where an attacker could inject arbitrary script via the Description parameter in error.asp, potentially affecting other clients. The affected product/component is Plumtree Corporate Portal (e...

CVE-2002-0242

The CVE-2002-0242 entry concerns Internet Explorer 6 and describes a cross-site scripting vulnerability where output from a remote server via an Extended HTML Form is not properly cleansed, allowing remote script execution. Affected component: Internet Explorer 6 (Extended HTML Form handling). Ro...

CVE-2002-0269

Summary: CVE-2002-0269 concerns Internet Explorer 5.x/6 that treats a loaded object as an HTML document even when its MIME type is text/plain, potentially enabling remote script execution in documents the user trusts not to contain executable content. What is affected: Internet Explorer 5.x and 6...

CVE-2002-0238

Cross-site scripting vulnerability in web administration interface for NetGear RT314 and RT311 Gateway Routers allows remote attackers to execute arbitrary script on another client via a URL that contains the script...

CVE-2002-0205

Cross-site scripting CSS vulnerability in error.asp for Plumtree Corporate Portal 3.5 through 4.5 allows remote attackers to execute arbitrary script on other clients via the "Description" parameter...

CVE-2002-0242

Cross-site scripting vulnerability in Internet Explorer 6 earlier allows remote attackers to execute arbitrary script via an Extended HTML Form, whose output from the remote server is not properly cleansed...

CVE-2002-0269

Internet Explorer 5.x and 6 interprets an object as an HTML document even when its MIME Content-Type is text/plain, which could allow remote attackers to execute arbitrary script in documents that the user does not expect, possibly through web applications that use a text/plain type to prevent...

CVE-2002-0270

Opera, when configured with the "Determine action by MIME type" option disabled, interprets an object as an HTML document even when its MIME Content-Type is text/plain, which could allow remote attackers to execute arbitrary script in documents that the user does not expect, possibly through web...

CVE-2002-0316

Cross-site scripting vulnerability in eXtreme message board XMB 1.6x and earlier allows remote attackers to execute script as other XMB users by inserting the script into an IMG tag...

Security Bulletin MS02-021: E-mail Editor Flaw Could Lead to Script Execution on Reply or Forward (Q321804)

---------------------------------------------------------------------- Title: E-mail Editor Flaw Could Lead to Script Execution on Reply or Forward Q321804 Date: 25 April 2002 Software: Microsoft Outlook Impact: Run Code of Attacker's Choice Max Risk: Moderate Bulletin: MS02-021 Microsoft...

CVE-2002-0075

Cross-site scripting vulnerability for Internet Information Server IIS 4.0, 5.0 and 5.1 allows remote attackers to execute arbitrary script as other web users via the error message used in a URL redirect ""302 Object Moved" message...

PostBoard 2.0 - Topic Title Script Execution

PostBoard 2.0 - Topic Title Script Execution source: https://www.securityfocus.com/bid/4561/info PostBoard is a freely available, open source message board module for the PostNuke content management system. It is designed for use on the Unix and Linux operating systems. PostBoard does not...

Microsoft Internet Explorer 5 - Dialog Same Origin Policy Bypass Variant (MS02-047)

Microsoft Internet Explorer 5 - Dialog Same Origin Policy Bypass Variant MS02-047 source: https://www.securityfocus.com/bid/5561/info Microsoft Internet Explorer includes support for dialog windows through script calls to the two functions showModalDialog and showModelessDialog. These functions...

Multiple bugs in Office Web Components

Script execution, access to local files and clipboard...

AOL Instant Messenger saves code embedded in image tag to conversation log which could be viewed/executed by a browser

Overview Certain Alpha versions of AOL Instant Messenger AIM, that were leaked, would log errors to a log file. By sending a crafted image file, it may be possible to execute arbitrary script/HTML on a victims browser when they view the log files. Description AOL Instant Messenger has the ability...

CVE-2002-0078

The zone determination function in Microsoft Internet Explorer 5.5 and 6.0 allows remote attackers to run scripts in the Local Computer zone by embedding the script in a cookie, aka the "Cookie-based Script Execution" vulnerability...

Security Bulletin MS02-015

---------------------------------------------------------------------- Title: 28 March 2002 Cumulative Patch for Internet Explorer Date: 28 March 2002 Software: Internet Explorer Impact: Two vulnerabilities, the most serious of which would allow script to run in the Local Computer Zone. Max Risk:...

CVE-2002-0117

Cross-site scripting vulnerability in Yet Another Bulletin Board YaBB 1 Gold SP 1 and earlier allows remote attackers to execute arbitrary script and steal cookies via a message containing encoded Javascript in an IMG tag...

Webmin 0.x - Code Input Validation

source: https://www.securityfocus.com/bid/4329/info Webmin is a web-based interface for system administration of Unix and Linux operating systems. Webmin does not filter script code from output that may be displayed by the web interface, such as log files, etc. This may enable a local attacker,...

CVE-2002-0118

The CVE-2002-0118 entry concerns Infopop Ultimate Bulletin Board (UBB) 6.2.0 Beta Release 1.0, where a cross‑site scripting (XSS) vulnerability exists. According to the description, remote attackers can execute arbitrary script and steal cookies by sending a message containing encoded Javascript ...