6267 matches found
CVE-2002-1799
Cross-site scripting XSS vulnerability in phpRank 1.8 allows remote attackers to inject arbitrary web script or HTML via the 1 email parameter to add.php or 2 banurl parameter...
CVE-2002-2062
Cross-site scripting XSS vulnerability in ftp.htt in Internet Explorer 5.5 and 6.0, when running on Windows 2000 with "Enable folder view for FTP sites" and "Enable Web content in folders" selected, allows remote attackers to inject arbitrary web script or HTML via the hostname portion of an FTP...
CVE-2002-1899
Cross-site scripting XSS vulnerability in IceWarp Web Mail 3.3.3 and 3.4.5 allows remote attackers to inject arbitrary web script or HTML via the "Full Name" addressname parameter...
CVE-2002-2044
Cross-site scripting XSS vulnerability in xstatadmin.php in x-stat 2.3 and earlier allows remote attackers to inject arbitrary web script or HTML via a parameter to the phpinfo action...
CVE-2002-1700
Cross-site scripting vulnerability XSS in the missing template handler in Macromedia ColdFusion MX allows remote attackers to execute arbitrary script as other users by injecting script into the HTTP request for the name of a template, which is not filtered in the resulting 404 error message...
W-Agora 4.1.6 - 'EditForm.php' Cross-Site Scripting
source: https://www.securityfocus.com/bid/6464/info W-Agora is a freely available, open source PHP forum software package. It is available for Unix and Linux systems. A problem with W-Agora may make cross-site scripting attacks possible. It has been reported that W-Agora has a vulnerability in th...
CVE-2002-1187
Cross-site scripting vulnerability XSS in Internet Explorer 5.01 through 6.0 allows remote attackers to read and execute files on the local system via web pages using the or element and javascript, aka "Frames Cross Site Scripting," as demonstrated using the PrivacyPolicy.dlg resource...
CVE-2002-1276
An incomplete fix for a cross-site scripting XSS vulnerability in SquirrelMail 1.2.8 calls the striptags function on the PHPSELF value but does not save the result back to that variable, leaving it open to cross-site scripting attacks...
[Sec-Tec Advisory] Local scripting vulnerability in phpBB
Application: phpBB2 Vendor : http://www.phpbb.com Problem : Insufficient filtering of user input Usability : Easy Severity : Medium Report by : Pete Foster, Sec-Tec Ltd http://www.sec-tec.com The Product From vendors site: phpBB is a high powered, fully scalable, and highly customisable open-sour...
Working Resources BadBlue 1.7.1 - Search Page Cross-Site Scripting
source: https://www.securityfocus.com/bid/6253/info The ext.dll ISAPI does not sufficiently sanitize user-supplied input when processing search queries. This may allow an attacker to create a custom URL containing script code that, when viewed in a browser by a legitimate user, will result in the...
YaBB 1.401.41 - Login Cross-Site Scripting
YaBB 1.401.41 - Login Cross-Site Scripting source: https://www.securityfocus.com/bid/6004/info A cross-site scripting vulnerability has been reported in the YaBB Yet Another Bulletin Board forum login script. HTML tags or script code are not sanitized from the error output of erroneous login...
YaBB 1.40/1.41 - Login Cross-Site Scripting
source: https://www.securityfocus.com/bid/6004/info A cross-site scripting vulnerability has been reported in the YaBB Yet Another Bulletin Board forum login script. HTML tags or script code are not sanitized from the error output of erroneous login attempts. As a result, it is possible for a...
PHPReactor 1.2.7 pl1 - browse.php Cross-Site Scripting
PHPReactor 1.2.7 pl1 - browse.php Cross-Site Scripting source: https://www.securityfocus.com/bid/5939/info phpReactor is prone to cross-site scripting attacks. An attacker may create a malicious link to a phpReactor site which contains malicious HTML and script code. If this link is visited by a...
[SECURITY] [DSA 169-1] New ht://Check packages fix cross site scripting problem
-------------------------------------------------------------------------- Debian Security Advisory DSA 169-1 [email protected] http://www.debian.org/security/ Martin Schulze September 25th, 2002 http://www.debian.org/security/faq -...
CVE-2002-0944
Cross-site scripting vulnerability in DeepMetrix LiveStats 5.03 through 6.2.1 allows remote attackers to execute arbitrary script as the LiveStats user via the 1 user-agent or 2 referrer, which are not filtered by the stats program...
PostNuke 0.72 - modules.php Cross-Site Scripting
PostNuke 0.72 - modules.php Cross-Site Scripting source: https://www.securityfocus.com/bid/5809/info A cross site scripting vulnerability has been reported for PostNuke. An attacker may exploit this vulnerability by enticing a victim user to follow a malicious link. Attacker-supplied HTML and...
phpGB: cross site scripting bug
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ppp-design found the following cross-site-scripting-bug in phpGB: Details - ------- Product: phpGB Affected Version: 1.10 and maybe all versions before Immune Version: 1.20 OS affected: all OS with php Vendor-URL: http://www.walzl.net Vendor-Status:...
CVE-2002-1037
Cross-site scripting vulnerability in Double Choco Latte DCL before 20020706 allows remote attackers to inject arbitrary HTML, including script, into web pages via the 1 Ticket Find, 2 Priorities, 3 Severities, 4 Projects, 5 WO Find, 6 Departments and 7 Users features...
NOVL-2002-2963297 - NetBasic Buffer Overflow + Scripting Vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 For Immediate Disclosure ============================== Summary ============================== Security Alert: NOVL-2002-2963297 Title: NetBasic Buffer Overflow + Scripting Vulnerability Date: 20-Aug-2002 Revision: Original Security Alert Product Name...
W3C CERN HTTPd 3.0 Proxy - Cross-Site Scripting
source: https://www.securityfocus.com/bid/5447/info CERN httpd is a freely available HTTP server and HTTP proxy server available from the W3C. The httpd Proxy is vulnerable to a cross site scripting attack. The condition is present because of the way URLS are displayed in error messages. It is...