CVE ID Name Status References
CVE-2000-1105

The ixsso.query ActiveX Object is marked as safe for scripting, which allows malicious web site operators to embed a script that remotely determines the existence of files on visiting Windows 2000 systems that have Indexing Services enabled.

Proposed (20001219)

BID:1933 | URL:http://www.securityfocus.com/bid/1933 | BUGTRAQ:20001110 IE 5.x Win2000 Indexing service vulnerability | URL:http://www.securityfocus.com/archive/1/144270 | WIN2KSEC:20001110 IE 5.x Win2000 Indexing service vulnerability | URL:http://archives.neohapsis.com/archives/win2ksecadvice/2000-q4/0074.html

CVE-2001-1416

Multiple cross-site scripting (XSS) vulnerabilities in the log messages in certain Alpha versions of AOL Instant Messenger (AIM) 4.4 allow remote attackers to execute arbitrary web script or HTML via an image in the (1) DATA, (2) STYLE, or (3) BINARY tags.

Assigned (20050320)

CERT-VN:VU#541384 | URL:http://www.kb.cert.org/vuls/id/541384 | CONFIRM:http://www.kb.cert.org/vuls/id/JARL-56TPBQ | URL:http://www.kb.cert.org/vuls/id/JARL-56TPBQ | MISC:http://www.windowsitpro.com/Articles/Index.cfm?ArticleID=19811&DisplayTab=Article | URL:http://www.windowsitpro.com/Articles/Index.cfm?ArticleID=19811&DisplayTab=Article

CVE-2001-1441

Cross-site scripting (XSS) vulnerability in VisualAge for Java 3.5 Professional allows remote attackers to execute JavaScript on other clients via the URL, which injects the script in the resulting error message.

Assigned (20050421)

BUGTRAQ:20010702 Multiple Vendor Java Servlet Container Cross-Site Scripting Vulnerability | URL:http://archive.cert.uni-stuttgart.de/archive/bugtraq/2001/07/msg00021.html | CERT-VN:VU#270083 | URL:http://www.kb.cert.org/vuls/id/270083 | XF:java-servlet-crosssite-scripting(6793) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/6793

CVE-2001-1516

Cross-site scripting (XSS) vulnerability in phpReview 0.9.0 rc2 and earlier allows remote attackers to inject arbitrary web script or HTML via user-submitted reviews.

Assigned (20050714)

BID:3380 | URL:http://www.securityfocus.com/bid/3380 | XF:phpreview-cross-site-scripting(7218) | URL:http://www.iss.net/security_center/static/7218.php

CVE-2001-1521

Cross-site scripting (XSS) vulnerability in user.php in PostNuke 0.64 allows remote attackers to inject arbitrary web script or HTML via the uname parameter.

Assigned (20050714)

BID:3609 | URL:http://www.securityfocus.com/bid/3609 | BUGTRAQ:20011203 Phpnuke Cross site scripting vulnerability | URL:http://online.securityfocus.com/archive/82/243545 | BUGTRAQ:20011215 PHPNuke holes | URL:http://online.securityfocus.com/archive/1/245691 | XF:phpnuke-postnuke-css(7654) | URL:http://www.iss.net/security_center/static/7654.php

CVE-2001-1522

Cross-site scripting (XSS) vulnerability in im.php in IMessenger for PHP-Nuke allows remote attackers to inject arbitrary web script or HTML via a message.

Assigned (20050714)

VULN-DEV:20011215 Security hole in IMessenger ( PHP-Nuke ) | URL:http://archives.neohapsis.com/archives/vuln-dev/2001-q4/0848.html | VULN-DEV:20011215 Serious bug in IMessenger ( php-nuke ) | URL:http://archives.neohapsis.com/archives/vuln-dev/2001-q4/0851.html

CVE-2001-1523

Cross-site scripting (XSS) vulnerability in the DMOZGateway module for PHP-Nuke allows remote attackers to inject arbitrary web script or HTML via the topic parameter.

Assigned (20050714)

VULN-DEV:20011216 CSS in DMOZGateway ( php-nuke ) | URL:http://archives.neohapsis.com/archives/vuln-dev/2001-q4/0853.html

CVE-2001-1524

Cross-site scripting (XSS) vulnerability in PHP-Nuke 5.3.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) uname parameter in user.php, (2) ttitle, letter and file parameters in modules.php, (3) subject, story and storyext parameters in submit.php, (4) upload parameter in admin.php and (5) fname parameter in friend.php.

Assigned (20050714)

BID:3609 | URL:http://www.securityfocus.com/bid/3609 | BUGTRAQ:20011203 Phpnuke Cross site scripting vulnerability | URL:http://online.securityfocus.com/archive/82/243545 | BUGTRAQ:20011215 PHPNuke holes | URL:http://online.securityfocus.com/archive/1/245691 | BUGTRAQ:20011216 Phpnuke module.php vulnerability and php error_reporting issue | URL:http://online.securityfocus.com/archive/1/245875 | CONFIRM:http://prdownloads.sourceforge.net/phpnuke/PHP-Nuke-5.5.tar.gz | VULN-DEV:20011220 1 last CSS hole in PHPNuke :) | URL:http://online.securityfocus.com/archive/82/246603 | XF:phpnuke-postnuke-css(7654) | URL:http://www.iss.net/security_center/static/7654.php

CVE-2001-1526

Cross-site scripting (XSS) vulnerability in the comments action in index.php in easyNews 1.5 and earlier allows remote attackers to inject arbitrary web script or HTML via the zeit parameter.

Assigned (20050714)

BUGTRAQ:20011201 easynews 1.5 let's remote users modify database | URL:http://archives.neohapsis.com/archives/bugtraq/2001-12/0000.html | XF:easynews-php-css(7658) | URL:http://www.iss.net/security_center/static/7658.php

CVE-2002-0840

Cross-site scripting (XSS) vulnerability in the default error page of Apache 2.0 before 2.0.43, and 1.3.x up to 1.3.26, when UseCanonicalName is "Off" and support for wildcard DNS is present, allows remote attackers to execute script as other web page visitors via the Host: header, a different vulnerability than CAN-2002-1157.

BID:5847 | URL:http://www.securityfocus.com/bid/5847 | BUGTRAQ:20021002 Apache 2 Cross-Site Scripting | URL:http://marc.info/?l=bugtraq&m=103357160425708&w=2 | BUGTRAQ:20021003 [OpenPKG-SA-2002.009] OpenPKG Security Advisory (apache) | URL:http://marc.info/?l=bugtraq&m=103376585508776&w=2 | BUGTRAQ:20021017 TSLSA-2002-0069-apache | URL:http://archives.neohapsis.com/archives/bugtraq/2002-10/0254.html | CERT-VN:VU#240329 | URL:http://www.kb.cert.org/vuls/id/240329 | CONECTIVA:CLA-2002:530 | URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000530 | CONFIRM:http://marc.info/?l=apache-httpd-announce&m=103367938230488&w=2 | CONFIRM:http://www.apacheweek.com/issues/02-10-04 | DEBIAN:DSA-187 | URL:http://www.debian.org/security/2002/dsa-187 | DEBIAN:DSA-188 | URL:http://www.debian.org/security/2002/dsa-188 | DEBIAN:DSA-195 | URL:http://www.debian.org/security/2002/dsa-195 | ENGARDE:ESA-20021007-024 | URL:http://www.linuxsecurity.com/advisories/other_advisory-2414.html | HP:HPSBUX0210-224 | URL:http://online.securityfocus.com/advisories/4617 | MANDRAKE:MDKSA-2002:068 | URL:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-068.php | MLIST:[httpd-cvs] 20190815 svn commit: r1048742 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html | URL:https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac@%3Ccvs.httpd.apache.org%3E | MLIST:[httpd-cvs] 20190815 svn commit: r1048743 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html | URL:https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79@%3Ccvs.httpd.apache.org%3E | MLIST:[httpd-cvs] 20200401 svn commit: 
r1058586 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html | URL:https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc@%3Ccvs.httpd.apache.org%3E | MLIST:[httpd-cvs] 20200401 svn commit: r1058587 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html | URL:https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb@%3Ccvs.httpd.apache.org%3E | MLIST:[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/ | URL:https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E | MLIST:[httpd-cvs] 20210330 svn commit: r1073140 [1/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html | URL:https://lists.apache.org/thread.html/r5419c9ba0951ef73a655362403d12bb8d10fab38274deb3f005816f5@%3Ccvs.httpd.apache.org%3E | MLIST:[httpd-cvs] 20210330 svn commit: r1073140 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html | URL:https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b@%3Ccvs.httpd.apache.org%3E | MLIST:[httpd-cvs] 20210330 svn commit: r1073143 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/ | 
URL:https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142@%3Ccvs.httpd.apache.org%3E | MLIST:[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/ | URL:https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E | MLIST:[httpd-cvs] 20210330 svn commit: r1073149 [2/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/ | URL:https://lists.apache.org/thread.html/rd00b45b93fda4a5bd013b28587207d0e00f99f6e3308dbb6025f3b01@%3Ccvs.httpd.apache.org%3E | MLIST:[httpd-cvs] 20210603 svn commit: r1075360 [1/3] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html | URL:https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4@%3Ccvs.httpd.apache.org%3E | MLIST:[httpd-cvs] 20210606 svn commit: r1075470 [1/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html | URL:https://lists.apache.org/thread.html/rf2f0f3611f937cf6cfb3b4fe4a67f69885855126110e1e3f2fb2728e@%3Ccvs.httpd.apache.org%3E | MLIST:[httpd-cvs] 20210606 svn commit: r1075470 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html | URL:https://lists.apache.org/thread.html/r5001ecf3d6b2bdd0b732e527654248abb264f08390045d30709a92f6@%3Ccvs.httpd.apache.org%3E | OSVDB:862 | URL:http://www.osvdb.org/862 | REDHAT:RHSA-2002:222 | URL:http://www.redhat.com/support/errata/RHSA-2002-222.html | REDHAT:RHSA-2002:243 | 
URL:http://www.redhat.com/support/errata/RHSA-2002-243.html | REDHAT:RHSA-2002:244 | URL:http://www.redhat.com/support/errata/RHSA-2002-244.html | REDHAT:RHSA-2002:248 | URL:http://www.redhat.com/support/errata/RHSA-2002-248.html | REDHAT:RHSA-2002:251 | URL:http://www.redhat.com/support/errata/RHSA-2002-251.html | REDHAT:RHSA-2003:106 | URL:http://www.redhat.com/support/errata/RHSA-2003-106.html | SGI:20021105-02-I | URL:ftp://patches.sgi.com/support/free/security/advisories/20021105-02-I | VULNWATCH:20021002 Apache 2 Cross-Site Scripting | URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0003.html | XF:apache-http-host-xss(10241) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/10241

CVE-2002-1006

Cross-site scripting (XSS) vulnerability in BBC Education Text to Speech Internet Enhancer (Betsie) 1.5.11 and earlier allows remote attackers to execute arbitrary web script via parserl.pl.

BID:5135 | URL:http://www.securityfocus.com/bid/5135 | BUGTRAQ:20020701 PTL-2002-03 Betsie XSS Vuln | URL:http://archives.neohapsis.com/archives/bugtraq/2002-07/0002.html | CONFIRM:http://www.bbc.co.uk/education/betsie/parser.pl.txt | XF:betsie-parserl-xss(9468) | URL:http://www.iss.net/security_center/static/9468.php

CVE-2002-1053

Cross-site scripting (XSS) vulnerability in W3C Jigsaw Proxy Server before 2.2.1 allows remote attackers to execute arbitrary script via a URL that contains a reference to a nonexistent host followed by the script, which is included in the resulting error message.

BID:5506 | URL:http://www.securityfocus.com/bid/5506 | BUGTRAQ:20020817 W3C Jigsaw Proxy Server: Cross-Site Scripting Vulnerability (REPOST) | URL:http://archives.neohapsis.com/archives/bugtraq/2002-08/0190.html | CONFIRM:http://www.w3.org/Jigsaw/RelNotes.html#2.2.1 | OSVDB:4015 | URL:http://www.osvdb.org/4015 | XF:jigsaw-http-proxy-xss(9914) | URL:http://www.iss.net/security_center/static/9914.php

CVE-2002-1060

Cross-site scripting (XSS) vulnerability in Blue Coat Systems (formerly CacheFlow) CacheOS on Client Accelerator 4.1.06, Security Gateway 2.1.02, and Server Accelerator 4.1.06 allows remote attackers to inject arbitrary web script or HTML via a URL to a nonexistent hostname that includes the HTML, which is inserted into the resulting error page.

BID:5305 | URL:http://www.securityfocus.com/bid/5305 | BID:5608 | URL:http://www.securityfocus.com/bid/5608 | BUGTRAQ:20020724 CacheFlow CacheOS Cross-site Scripting Vulnerability | URL:http://archives.neohapsis.com/archives/bugtraq/2002-07/0283.html | BUGTRAQ:20020903 Re: CacheFlow CacheOS Cross-site Scripting Vulnerability | CONFIRM:http://download.cacheflow.com/release/CA/4.1.00-docs/CACacheOS41fixes.htm | XF:cacheos-unresolved-error-xss(9674) | URL:http://www.iss.net/security_center/static/9674.php

CVE-2002-1167

Cross-site scripting (XSS) vulnerability in IBM Web Traffic Express Caching Proxy Server 3.6 and 4.x before 4.0.1.26 allows remote attackers to execute script as other users via an HTTP GET request.

Proposed (20030317)

AIXAPAR:IY24527 | BID:6000 | URL:http://www.securityfocus.com/bid/6000 | VULNWATCH:20021023 R7-0008: IBM WebSphere Edge Server Caching Proxy Cross-Site Scripting Issues | XF:ibm-wte-html-xss(10453) | URL:http://www.iss.net/security_center/static/10453.php

CVE-2002-1168

Cross-site scripting (XSS) vulnerability in IBM Web Traffic Express Caching Proxy Server 3.6 and 4.x before 4.0.1.26 allows remote attackers to execute script as other users via an HTTP request that contains a Location: header with a "%0a%0d" (CRLF) sequence, which echoes the Location as an HTTP header in the server response.

Proposed (20030317)

AIXAPAR:IY35139 | BID:6001 | URL:http://www.securityfocus.com/bid/6001 | VULNWATCH:20021023 R7-0008: IBM WebSphere Edge Server Caching Proxy Cross-Site Scripting Issues | XF:ibm-wte-header-injection(10454) | URL:http://www.iss.net/security_center/static/10454.php

CVE-2002-1181

Multiple cross-site scripting (XSS) vulnerabilities in the administrative web pages for Microsoft Internet Information Server (IIS) 4.0 through 5.1 allow remote attackers to execute HTML script as other users through (1) a certain ASP file in the IISHELP virtual directory, or (2) possibly other unknown attack vectors.

Modified (20061101)

BID:6068 | URL:http://www.securityfocus.com/bid/6068 | BID:6072 | URL:http://www.securityfocus.com/bid/6072 | BUGTRAQ:20021105 [SNS Advisory No.58] Microsoft IIS Local Cross-site Scripting Vulnerability | URL:http://marc.info/?l=bugtraq&m=103651224215736&w=2 | CIAC:N-011 | URL:http://www.ciac.org/ciac/bulletins/n-011.shtml | MISC:http://www.lac.co.jp/security/intelligence/SNSAdvisory/58.html | MS:MS02-062 | URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-062 | OVAL:oval:org.mitre.oval:def:942 | URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A942 | OVAL:oval:org.mitre.oval:def:944 | URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A944 | XF:iis-admin-pages-xss(10501) | URL:http://www.iss.net/security_center/static/10501.php

CVE-2002-1187

Cross-site scripting vulnerability (XSS) in Internet Explorer 5.01 through 6.0 allows remote attackers to read and execute files on the local system via web pages using the <frame> or <iframe> element and JavaScript, aka "Frames Cross Site Scripting," as demonstrated using the PrivacyPolicy.dlg resource.

BID:5672 | URL:http://www.securityfocus.com/bid/5672 | BUGTRAQ:20020909 Who framed Internet Explorer (GM#010-IE) | URL:http://marc.info/?l=bugtraq&m=103158601431054&w=2 | MS:MS02-066 | URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-066 | OSVDB:2998 | URL:http://www.osvdb.org/2998 | OVAL:oval:org.mitre.oval:def:203 | URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A203 | OVAL:oval:org.mitre.oval:def:225 | URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A225 | XF:ie-frame-script-execution (10066) | URL:http://www.iss.net/security_center/static/10066.php

CVE-2002-1195

Cross-site scripting vulnerability (XSS) in the PHP interface for ht://Check 1.1 allows remote web servers to insert arbitrary HTML, including script, via a web page.

BID:5699 | URL:http://www.securityfocus.com/bid/5699 | BUGTRAQ:20020912 ht://Check XSS | URL:http://marc.info/?l=bugtraq&m=103184269605160&w=2 | DEBIAN:DSA-169 | URL:http://www.debian.org/security/2002/dsa-169 | XF:htcheck-server-header-xss(10089) | URL:http://www.iss.net/security_center/static/10089.php

CVE-2002-1276

An incomplete fix for a cross-site scripting (XSS) vulnerability in SquirrelMail 1.2.8 calls the strip_tags function on the PHP_SELF value but does not save the result back to that variable, leaving it open to cross-site scripting attacks.

Modified (20071113)

BID:7019 | URL:http://www.securityfocus.com/bid/7019 | CONFIRM:http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=167471 | DEBIAN:DSA-191 | URL:http://www.debian.org/security/2002/dsa-191 | REDHAT:RHSA-2003:042 | URL:http://www.redhat.com/support/errata/RHSA-2003-042.html | SECUNIA:8220 | URL:http://secunia.com/advisories/8220 | XF:squirrelmail-striptags-phpself-xss(10634) | URL:http://www.iss.net/security_center/static/10634.php

CVE-2002-1307

Cross-site scripting vulnerability (XSS) in MHonArc 2.5.12 and earlier allows remote attackers to insert script or HTML via an email message with the script in a MIME header name.

BID:6204 | URL:http://www.securityfocus.com/bid/6204 | CONFIRM:http://www.mhonarc.org/archive/cgi-bin/mesg.cgi?a=mhonarc-users&i=200210211713.g9LHDXE02256@mcguire.earlhood.com | DEBIAN:DSA-199 | URL:http://www.debian.org/security/2002/dsa-199 | OSVDB:7353 | URL:http://www.osvdb.org/7353 | XF:mhonarc-mime-header-xss(10666) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/10666

CVE-2002-1315

Cross-site scripting (XSS) vulnerability in the Admin Server for iPlanet WebServer 4.x, up to SP11, allows remote attackers to execute web script or HTML as the iPlanet administrator by injecting the desired script into error logs, and possibly escalating privileges by using the XSS vulnerability in conjunction with another issue (CVE-2002-1316).

Modified (20071014)

BID:6202 | URL:http://www.securityfocus.com/bid/6202 | BUGTRAQ:20021119 iPlanet WebServer, remote root compromise | URL:http://marc.info/?l=bugtraq&m=103772308030269&w=2 | MISC:http://www.ngsec.com/docs/advisories/NGSEC-2002-4.txt | SUNALERT:49475 | URL:http://sunsolve.sun.com/search/document.do?assetkey=1-26-49475-1 | VULNWATCH:20021118 iPlanet WebServer, remote root compromise | URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0078.html | XF:iplanet-admin-log-xss(10692) | URL:http://www.iss.net/security_center/static/10692.php

CVE-2002-1316

importInfo in the Admin Server for iPlanet WebServer 4.x, up to SP11, allows the web administrator to execute arbitrary commands via shell metacharacters in the dir parameter, and possibly allows remote attackers to exploit this vulnerability via a separate XSS issue (CVE-2002-1315).

Modified (20071014)

BID:6203 | URL:http://www.securityfocus.com/bid/6203 | BUGTRAQ:20021119 iPlanet WebServer, remote root compromise | URL:http://marc.info/?l=bugtraq&m=103772308030269&w=2 | MISC:http://www.ngsec.com/docs/advisories/NGSEC-2002-4.txt | SUNALERT:49475 | URL:http://sunsolve.sun.com/search/document.do?assetkey=1-26-49475-1 | VULNWATCH:20021118 iPlanet WebServer, remote root compromise | URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0078.html | XF:iplanet-perl-command-execution(10693) | URL:http://www.iss.net/security_center/static/10693.php

CVE-2002-1334

Cross-site scripting (XSS) vulnerability in BizDesign ImageFolio 3.01 and earlier allows remote attackers to execute arbitrary web script as other users via (1) the direct parameter in imageFolio.cgi, or (2) nph-build.cgi.

Modified (20080226)

BID:6265 | URL:http://www.securityfocus.com/bid/6265 | BUGTRAQ:20021127 Cross-site Scripting Vulnerability in ImageFolio Image Gallery Software | URL:http://marc.info/?l=bugtraq&m=103842773205148&w=2 | SECTRACK:1005681 | URL:http://securitytracker.com/id?1005681 | XF:imagefolio-imagefolio-nphbuild-xss(10718) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/10718

CVE-2002-1335

Cross-site scripting (XSS) vulnerability in w3m 0.3.2 does not escape an HTML tag in a frame, which allows remote attackers to insert arbitrary web script or HTML and access files or cookies.

Modified (20071129)

BID:6793 | URL:http://www.securityfocus.com/bid/6793 | CONFIRM:http://mi.med.tohoku.ac.jp/%7Esatodai/w3m-dev-en/200211.month/838.html | CONFIRM:http://sourceforge.net/project/shownotes.php?release_id=124484 | DEBIAN:DSA-249 | URL:http://www.debian.org/security/2003/dsa-249 | DEBIAN:DSA-250 | URL:http://www.debian.org/security/2003/dsa-250 | DEBIAN:DSA-251 | URL:http://www.debian.org/security/2003/dsa-251 | OPENPKG:OpenPKG-SA-2003.009 | URL:http://www.openpkg.com/security/advisories/OpenPKG-SA-2003.009.html | OSVDB:6981 | URL:http://www.osvdb.org/6981 | REDHAT:RHSA-2003:044 | URL:http://www.redhat.com/support/errata/RHSA-2003-044.html | REDHAT:RHSA-2003:045 | URL:http://www.redhat.com/support/errata/RHSA-2003-045.html | SECUNIA:8015 | URL:http://secunia.com/advisories/8015 | SECUNIA:8016 | URL:http://secunia.com/advisories/8016 | SECUNIA:8031 | URL:http://secunia.com/advisories/8031 | SECUNIA:8053 | URL:http://secunia.com/advisories/8053 | XF:w3m-html-frame-xss(10842) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/10842

CVE-2002-1341

Cross-site scripting (XSS) vulnerability in read_body.php for SquirrelMail 1.2.10, 1.2.9, and earlier allows remote attackers to insert script and HTML via the (1) mailbox and (2) passed_id parameters.

Modified (20071113)

BID:6302 | URL:http://www.securityfocus.com/bid/6302 | BUGTRAQ:20021203 Re: SquirrelMail v1.2.9 XSS bugs | URL:http://marc.info/?l=bugtraq&m=103911130503272&w=2 | BUGTRAQ:20021203 SquirrelMail v1.2.9 XSS bugs | URL:http://marc.info/?l=bugtraq&m=103893844126484&w=2 | BUGTRAQ:20021215 GLSA: squirrelmail | URL:http://marc.info/?l=bugtraq&m=104004924002662&w=2 | DEBIAN:DSA-220 | URL:http://www.debian.org/security/2002/dsa-220 | MISC:http://f0kp.iplus.ru/bz/008.txt | REDHAT:RHSA-2003:042 | URL:http://www.redhat.com/support/errata/RHSA-2003-042.html | SECUNIA:8220 | URL:http://secunia.com/advisories/8220 | XF:squirrelmail-readbody-xss(10754) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/10754

CVE-2002-1388

Cross-site scripting (XSS) vulnerability in MHonArc before 2.5.14 allows remote attackers to inject arbitrary HTML into web archive pages via HTML mail messages.

BID:6479 | URL:http://www.securityfocus.com/bid/6479 | CONFIRM:http://www.mhonarc.org/archive/cgi-bin/mesg.cgi?a=mhonarc-users&i=200212220120.gBM1K8502180@mcguire.earlhood.com | DEBIAN:DSA-221 | URL:http://www.debian.org/security/2002/dsa-221 | XF:mhonarc-m2htexthtml-filter-xss(10950) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/10950

CVE-2002-1434

Multiple cross-site scripting (XSS) vulnerabilities in the Web mail module of Kerio MailServer 5.0 allow remote attackers to execute HTML script as other users via certain URLs.

Proposed (20030317)

BID:5507 | URL:http://www.securityfocus.com/bid/5507 | BUGTRAQ:20020819 Kerio Mail Server Multiple Security Vulnerabilities | URL:http://archives.neohapsis.com/archives/bugtraq/2002-08/0183.html | XF:kerio-webserver-webmail-xss(9905) | URL:http://www.iss.net/security_center/static/9905.php

CVE-2002-1445

Cross-site scripting (XSS) vulnerability in CERN Proxy Server allows remote attackers to execute script as other users via a link to a non-existent page whose name contains the script, which is inserted into the resulting error page.

Proposed (20030317)

BID:5447 | URL:http://www.securityfocus.com/bid/5447 | BUGTRAQ:20020811 CERN Proxy Server: Cross-Site Scripting Vulnerability | URL:http://archives.neohapsis.com/archives/bugtraq/2002-08/0097.html | XF:cern-proxy-xss(9834) | URL:http://www.iss.net/security_center/static/9834.php

CVE-2002-1453

Cross-site scripting (XSS) vulnerability in MyWebServer 1.0.2 allows remote attackers to insert script and HTML via a long request followed by the malicious script, which is echoed back to the user in an error message.

Proposed (20030317)

BID:5470 | URL:http://www.securityfocus.com/bid/5470 | BUGTRAQ:20020814 new bugs in MyWebServer | URL:http://marc.info/?l=bugtraq&m=102935720109934&w=2 | VULNWATCH:20020814 new bugs in MyWebServer | URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0077.html | XF:mywebserver-long-http-xss(9861) | URL:http://www.iss.net/security_center/static/9861.php

CVE-2002-1455

Multiple cross-site scripting (XSS) vulnerabilities in OmniHTTPd allow remote attackers to insert script or HTML into web pages via (1) test.php, (2) test.shtml, or (3) redir.exe.

Proposed (20030317)

BUGTRAQ:20020825 More OmniHTTPd Problems | URL:http://archives.neohapsis.com/archives/bugtraq/2002-08/0266.html | BUGTRAQ:20020825 OmniHTTPd test.php Cross-Site Scripting Issue | URL:http://archives.neohapsis.com/archives/bugtraq/2002-08/0263.html | BUGTRAQ:20020825 OmniHTTPd test.shtml Cross-Site Scripting Issue | URL:http://archives.neohapsis.com/archives/bugtraq/2002-08/0264.html

CVE-2002-1464

Cross-site scripting (XSS) vulnerability in CafeLog b2 Weblog Tool allows remote attackers to insert arbitrary HTML or script via the GPC variable.

Proposed (20030317)

BID:5455 | URL:http://www.securityfocus.com/bid/5455 | BUGTRAQ:20020813 Multiple Vulnerabilities in CafeLog Weblog Package | URL:http://online.securityfocus.com/archive/1/287228 | VULNWATCH:20020813 Multiple Vulnerabilities in CafeLog Weblog Package | URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0071.html | XF:b2-gpc-xss(9835) | URL:http://www.iss.net/security_center/static/9835.php

CVE-2002-1480

Cross-site scripting (XSS) vulnerability in phpGB before 1.20 allows remote attackers to inject arbitrary HTML or script into guestbook pages, which is executed when the administrator deletes the entry.

Proposed (20030317)

BID:5676 | URL:http://www.securityfocus.com/bid/5676 | BUGTRAQ:20020909 phpGB: cross site scripting bug | URL:http://archives.neohapsis.com/archives/bugtraq/2002-09/0069.html | XF:phpgb-entry-deletion-xss(10060) | URL:http://www.iss.net/security_center/static/10060.php

CVE-2002-1493

Cross-site scripting (XSS) vulnerability in Lycos HTMLGear guestbook allows remote attackers to inject arbitrary script via (1) STYLE attributes or (2) SRC attributes in an IMG tag.

BID:5728 | URL:http://www.securityfocus.com/bid/5728 | BUGTRAQ:20020914 Lycos HTMLGear Guestbook Script Injection Vulnerability | URL:http://archives.neohapsis.com/archives/bugtraq/2002-09/0198.html | VULNWATCH:20020926 [VulnWatch] BugTraq ID: 5728 | URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0132.html | XF:guestgear-img-xss(12235) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/12235

CVE-2002-1494

Cross-site scripting (XSS) vulnerabilities in Aestiva HTML/OS allow remote attackers to insert arbitrary HTML or script by inserting the script after a trailing / character, which inserts the script into the resulting error message.

BID:5618 | URL:http://www.securityfocus.com/bid/5618 | BUGTRAQ:20020903 Cross-Site Scripting in Aestiva's HTML/OS | URL:http://archives.neohapsis.com/archives/bugtraq/2002-09/0026.html | XF:aestiva-htmlos-cgi-xss(10029) | URL:http://www.iss.net/security_center/static/10029.php

CVE-2002-1495

Cross-site scripting (XSS) vulnerability in JAWmail 1.0-rc1 allows remote attackers to insert arbitrary script or HTML via (1) attached file names in the Read Mail feature, (2) text/html mails that are displayed in a pop-up window, and (3) certain malicious attributes within otherwise safe tags, such as onMouseOver.

Proposed (20030317)

BID:5771 | URL:http://www.securityfocus.com/bid/5771 | BUGTRAQ:20020922 JAWmail XSS | URL:http://archives.neohapsis.com/archives/bugtraq/2002-09/0270.html | XF:jawmail-mail-message-xss(10152) | URL:http://www.iss.net/security_center/static/10152.php

CVE-2002-1497

Cross-site scripting (XSS) vulnerability in Null HTTP Server 0.5.0 and earlier allows remote attackers to insert arbitrary HTML into a "404 Not Found" response.

BID:5603 | URL:http://www.securityfocus.com/bid/5603 | BUGTRAQ:20020902 XSS in Null HTTPd | CONFIRM:http://freshmeat.net/releases/97910/ | XF:null-httpd-xss(10004) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/10004

CVE-2002-1526

Cross-site scripting (XSS) vulnerability in emumail.cgi for EMU Webmail 5.0 allows remote attackers to inject arbitrary HTML or script via the email address field.

Modified (20071016)

BID:5824 | URL:http://www.securityfocus.com/bid/5824 | VULNWATCH:20020926 [VulnWatch] EMU Webmail 5.0 XSS vuln, and webroot path disclosure | URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0131.html | XF:emu-webmail-address-xss(10205) | URL:http://www.iss.net/security_center/static/10205.php

CVE-2002-1529

Cross-site scripting (XSS) vulnerability in msgError.asp for the administrative web interface (STEMWADM) for SurfControl SuperScout Email Filter allows remote attackers to insert arbitrary script or HTML via the Reason parameter.

BID:5928 | URL:http://www.securityfocus.com/bid/5928 | BUGTRAQ:20021008 Four Vulnerabilities in SurfControl's SuperScout Email Filter Administrative Server | URL:http://archives.neohapsis.com/archives/bugtraq/2002-10/0137.html | XF:superscout-emailfilter-error-xss(10319) | URL:http://www.iss.net/security_center/static/10319.php

CVE-2002-1533

Cross-site scripting (XSS) vulnerability in Jetty JSP servlet engine allows remote attackers to insert arbitrary HTML or script via an HTTP request to a .jsp file whose name contains the malicious script and some encoded linefeed characters (%0a).

Proposed (20030317)

BID:5821 | URL:http://www.securityfocus.com/bid/5821 | BUGTRAQ:20020928 Jetty jsp/servlet engine xss / uname disclosure vuln | URL:http://archives.neohapsis.com/archives/bugtraq/2002-09/0337.html | XF:jetty-http-xss(10219) | URL:http://www.iss.net/security_center/static/10219.php

CVE-2002-1567

Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1 allows remote attackers to execute arbitrary web script and steal cookies via a URL with encoded newlines followed by a request to a .jsp file whose name contains the script.

Assigned (20030918)

CONFIRM:http://tomcat.apache.org/security-4.html | MLIST:[tomcat-dev] 20190319 svn commit: r1855831 [21/30] - in /tomcat/site/trunk: ./ docs/ xdocs/ | URL:https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E | MLIST:[tomcat-dev] 20190325 svn commit: r1856174 [19/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/ | URL:https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E | MLIST:[tomcat-dev] 20200213 svn commit: r1873980 [24/34] - /tomcat/site/trunk/docs/ | URL:https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E | VULN-DEV:20020821 Apache Tomcat 4.1 Cross-Site Scripting Vulnerability | URL:http://archives.neohapsis.com/archives/vuln-dev/2002-q3/0482.html

CVE-2002-1636

Cross-site scripting (XSS) vulnerability in the htp PL/SQL package for Oracle 9i Application Server (9iAS) allows remote attackers to inject arbitrary web script or HTML via the cbuf parameter to htp.print.

Assigned (20050328)

MISC:http://www.nextgenss.com/papers/hpoas.pdf | XF:oracle-htpprint-xss(10687) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/10687

CVE-2002-1640

Multiple cross-site scripting (XSS) vulnerabilities in Oracle Configurator before 11.5.7.17.32 and 11.5.6.16.53 allow remote attackers to inject arbitrary web script or HTML via (1) Text Features in the DHTML UI or (2) the test parameter to the oracle.apps.cz.servlet.UiServlet servlet.

Assigned (20050328)

BID:4430 | URL:http://www.securityfocus.com/bid/4430 | BID:4436 | URL:http://www.securityfocus.com/bid/4436 | CONFIRM:http://www.oracle.com/technology//deploy/security/htdocs/oconfigvul.html | SECTRACK:1003967 | URL:http://securitytracker.com/id?1003967 | XF:oracle-configurator-dhtml-css(8780) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/8780 | XF:oracle-configurator-uiservlet-css(8781) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/8781

CVE-2002-1649

Cross-site scripting (XSS) vulnerability in read_body.php in SquirrelMail before 1.2.3 allows remote attackers to execute arbitrary JavaScript via a javascript: URL in an IMG tag.

Assigned (20050328)

BID:3956 | URL:http://www.securityfocus.com/bid/3956 | BUGTRAQ:20020124 Vulnerabilities in squirrelmail | URL:http://archives.neohapsis.com/archives/bugtraq/2002-01/0310.html | CERT-VN:VU#153043 | URL:http://www.kb.cert.org/vuls/id/153043 | XF:squirrelmail-html-execute-script(7989) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/7989

CVE-2002-1651

Cross-site scripting (XSS) vulnerability in Verity Search97 allows remote attackers to insert arbitrary web content and steal sensitive information from other clients, possibly due to certain error messages from template pages that use the (1) vformat or (2) vfilter functions.

Assigned (20050329)

BID:5102 | URL:http://www.securityfocus.com/bid/5102 | CERT-VN:VU#636431 | URL:http://www.kb.cert.org/vuls/id/636431 | XF:verity-search97-xss(9441) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/9441

CVE-2002-1662

Multiple cross-site scripting (XSS) vulnerabilities in Mambo Site Server 4.0.11 allow remote attackers to execute arbitrary script on other clients via (1) search.php and (2) the "Your name" field during account registration.

Assigned (20050519)

BID:6386 | URL:http://www.securityfocus.com/bid/6386 | BUGTRAQ:20021212 Multiple Mambo Site Server sec-weaknesses | URL:http://archives.neohapsis.com/archives/bugtraq/2002-12/0111.html | XF:mambo-name-field-xss(10859) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/10859 | XF:mambo-search-xss(10854) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/10854

CVE-2002-1678

Cross-site scripting (XSS) vulnerability in memberlist.php in Jelsoft vBulletin 2.0 rc 2 through 2.2.4 allows remote attackers to steal authentication credentials by injecting script into $letterbits.

Assigned (20050621)

BID:4349 | URL:http://www.securityfocus.com/bid/4349 | BUGTRAQ:20020322 RE: memberlist.php of vBulletin | URL:http://online.securityfocus.com/archive/1/264023/2002-11-01/2002-11-07/2 | BUGTRAQ:20020322 memberlist.php of vBulletin | URL:http://online.securityfocus.com/archive/1/263609 | XF:vbulletin-memberlist-execute-code(8619) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/8619

CVE-2002-1679

Cross-site scripting (XSS) vulnerability in Jelsoft vBulletin 2.2.0 allows remote attackers to execute arbitrary script as other users by injecting script into a bulletin board message.

Assigned (20050621)

BID:4008 | URL:http://www.securityfocus.com/bid/4008 | BUGTRAQ:20020131 Fairly serious vulnerability in vBulletin 2.2.0 | URL:http://online.securityfocus.com/archive/1/253365 | BUGTRAQ:20020131 Semi-serious vulnerability in vBulletin 2.2.0 | URL:http://online.securityfocus.com/archive/1/253371 | XF:vbulletin-bbs-css(8039) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/8039

CVE-2002-1680

Cross-site scripting (XSS) vulnerability in CGI Online Worldweb Shopping 1.1 (a.k.a. COWS) allows remote attackers to execute arbitrary script as other users by injecting script into (1) diagnose.cgi or (2) compatible.cgi.

Assigned (20050621)

BID:3914 | URL:http://www.securityfocus.com/bid/3914 | BID:3921 | URL:http://www.securityfocus.com/bid/3921 | VULN-DEV:20020121 Security holes in COWS (CGI Online Worldweb Shopping) | URL:http://online.securityfocus.com/archive/82/251570 | XF:cows-cgi-css(7986) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/7986

CVE-2002-1681

Cross-site scripting (XSS) vulnerability in Slashcode CVS releases June 17 through July 1 2002 allows remote attackers to execute arbitrary script as other users by injecting script into the paragraph <P> tag.

Assigned (20050621)

BID:5140 | URL:http://www.securityfocus.com/bid/5140 | BUGTRAQ:20020702 Re: XSS in Slashcode | URL:http://online.securityfocus.com/archive/1/280255 | BUGTRAQ:20020702 XSS in Slashcode | URL:http://online.securityfocus.com/archive/1/280218 | XF:slashcode-cvs-xss(9473) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/9473

CVE-2002-1683

Cross-site scripting (XSS) vulnerability in BadBlue Personal Edition 1.7.3 allows remote attackers to execute arbitrary script as other users by injecting script into the cleanSearchString() function.

Assigned (20050621)

BID:5179 | URL:http://www.securityfocus.com/bid/5179 | BUGTRAQ:20020708 BadBlue 1.73 EXT.DLL XSS Variant | URL:http://online.securityfocus.com/archive/1/281141 | XF:badblue-cleansearchstring-xss(9514) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/9514



Latest data from: 2024-03-25