CVE ID | Name | Status | References |
---|---|---|---|
CVE-2000-1105 | The ixsso.query ActiveX Object is marked as safe for scripting, which allows malicious web site operators to embed a script that remotely determines the existence of files on visiting Windows 2000 systems that have Indexing Services enabled. |
Proposed (20001219) | BID:1933 | URL:http://www.securityfocus.com/bid/1933 | BUGTRAQ:20001110 IE 5.x Win2000 Indexing service vulnerability | URL:http://www.securityfocus.com/archive/1/144270 | WIN2KSEC:20001110 IE 5.x Win2000 Indexing service vulnerability | URL:http://archives.neohapsis.com/archives/win2ksecadvice/2000-q4/0074.html |
CVE-2001-1416 | Multiple cross-site scripting (XSS) vulnerabilities in the log messages in certain Alpha versions of AOL Instant Messenger (AIM) 4.4 allow remote attackers to execute arbitrary web script or HTML via an image in the (1) DATA, (2) STYLE, or (3) BINARY tags. |
Assigned (20050320) | CERT-VN:VU#541384 | URL:http://www.kb.cert.org/vuls/id/541384 | CONFIRM:http://www.kb.cert.org/vuls/id/JARL-56TPBQ | URL:http://www.kb.cert.org/vuls/id/JARL-56TPBQ | MISC:http://www.windowsitpro.com/Articles/Index.cfm?ArticleID=19811&DisplayTab=Article | URL:http://www.windowsitpro.com/Articles/Index.cfm?ArticleID=19811&DisplayTab=Article |
CVE-2001-1441 | Cross-site scripting (XSS) vulnerability in VisualAge for Java 3.5 Professional allows remote attackers to execute JavaScript on other clients via the URL, which injects the script in the resulting error message. |
Assigned (20050421) | BUGTRAQ:20010702 Multiple Vendor Java Servlet Container Cross-Site Scripting Vulnerability | URL:http://archive.cert.uni-stuttgart.de/archive/bugtraq/2001/07/msg00021.html | CERT-VN:VU#270083 | URL:http://www.kb.cert.org/vuls/id/270083 | XF:java-servlet-crosssite-scripting(6793) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/6793 |
CVE-2001-1516 | Cross-site scripting (XSS) vulnerability in phpReview 0.9.0 rc2 and earlier allows remote attackers to inject arbitrary web script or HTML via user-submitted reviews. |
Assigned (20050714) | BID:3380 | URL:http://www.securityfocus.com/bid/3380 | XF:phpreview-cross-site-scripting(7218) | URL:http://www.iss.net/security_center/static/7218.php |
CVE-2001-1521 | Cross-site scripting (XSS) vulnerability in user.php in PostNuke 0.64 allows remote attackers to inject arbitrary web script or HTML via the uname parameter. |
Assigned (20050714) | BID:3609 | URL:http://www.securityfocus.com/bid/3609 | BUGTRAQ:20011203 Phpnuke Cross site scripting vulnerability | URL:http://online.securityfocus.com/archive/82/243545 | BUGTRAQ:20011215 PHPNuke holes | URL:http://online.securityfocus.com/archive/1/245691 | XF:phpnuke-postnuke-css(7654) | URL:http://www.iss.net/security_center/static/7654.php |
CVE-2001-1522 | Cross-site scripting (XSS) vulnerability in im.php in IMessenger for PHP-Nuke allows remote attackers to inject arbitrary web script or HTML via a message. |
Assigned (20050714) | VULN-DEV:20011215 Security hole in IMessenger ( PHP-Nuke ) | URL:http://archives.neohapsis.com/archives/vuln-dev/2001-q4/0848.html | VULN-DEV:20011215 Serious bug in IMessenger ( php-nuke ) | URL:http://archives.neohapsis.com/archives/vuln-dev/2001-q4/0851.html |
CVE-2001-1523 | Cross-site scripting (XSS) vulnerability in the DMOZGateway module for PHP-Nuke allows remote attackers to inject arbitrary web script or HTML via the topic parameter. |
Assigned (20050714) | VULN-DEV:20011216 CSS in DMOZGateway ( php-nuke ) | URL:http://archives.neohapsis.com/archives/vuln-dev/2001-q4/0853.html |
CVE-2001-1524 | Cross-site scripting (XSS) vulnerability in PHP-Nuke 5.3.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) uname parameter in user.php, (2) ttitle, letter and file parameters in modules.php, (3) subject, story and storyext parameters in submit.php, (4) upload parameter in admin.php and (5) fname parameter in friend.php. |
Assigned (20050714) | BID:3609 | URL:http://www.securityfocus.com/bid/3609 | BUGTRAQ:20011203 Phpnuke Cross site scripting vulnerability | URL:http://online.securityfocus.com/archive/82/243545 | BUGTRAQ:20011215 PHPNuke holes | URL:http://online.securityfocus.com/archive/1/245691 | BUGTRAQ:20011216 Phpnuke module.php vulnerability and php error_reporting issue | URL:http://online.securityfocus.com/archive/1/245875 | CONFIRM:http://prdownloads.sourceforge.net/phpnuke/PHP-Nuke-5.5.tar.gz | VULN-DEV:20011220 1 last CSS hole in PHPNuke :) | URL:http://online.securityfocus.com/archive/82/246603 | XF:phpnuke-postnuke-css(7654) | URL:http://www.iss.net/security_center/static/7654.php |
CVE-2001-1526 | Cross-site scripting (XSS) vulnerability in the comments action in index.php in easyNews 1.5 and earlier allows remote attackers to inject arbitrary web script or HTML via the zeit parameter. |
Assigned (20050714) | BUGTRAQ:20011201 easynews 1.5 let's remote users modify database | URL:http://archives.neohapsis.com/archives/bugtraq/2001-12/0000.html | XF:easynews-php-css(7658) | URL:http://www.iss.net/security_center/static/7658.php |
CVE-2002-0840 | Cross-site scripting (XSS) vulnerability in the default error page of Apache 2.0 before 2.0.43, and 1.3.x up to 1.3.26, when UseCanonicalName is "Off" and support for wildcard DNS is present, allows remote attackers to execute script as other web page visitors via the Host: header, a different vulnerability than CAN-2002-1157. |
BID:5847 | URL:http://www.securityfocus.com/bid/5847 | BUGTRAQ:20021002 Apache 2 Cross-Site Scripting | URL:http://marc.info/?l=bugtraq&m=103357160425708&w=2 | BUGTRAQ:20021003 [OpenPKG-SA-2002.009] OpenPKG Security Advisory (apache) | URL:http://marc.info/?l=bugtraq&m=103376585508776&w=2 | BUGTRAQ:20021017 TSLSA-2002-0069-apache | URL:http://archives.neohapsis.com/archives/bugtraq/2002-10/0254.html | CERT-VN:VU#240329 | URL:http://www.kb.cert.org/vuls/id/240329 | CONECTIVA:CLA-2002:530 | URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000530 | CONFIRM:http://marc.info/?l=apache-httpd-announce&m=103367938230488&w=2 | CONFIRM:http://www.apacheweek.com/issues/02-10-04 | DEBIAN:DSA-187 | URL:http://www.debian.org/security/2002/dsa-187 | DEBIAN:DSA-188 | URL:http://www.debian.org/security/2002/dsa-188 | DEBIAN:DSA-195 | URL:http://www.debian.org/security/2002/dsa-195 | ENGARDE:ESA-20021007-024 | URL:http://www.linuxsecurity.com/advisories/other_advisory-2414.html | HP:HPSBUX0210-224 | URL:http://online.securityfocus.com/advisories/4617 | MANDRAKE:MDKSA-2002:068 | URL:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-068.php | MLIST:[httpd-cvs] 20190815 svn commit: r1048742 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html | URL:https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac@%3Ccvs.httpd.apache.org%3E | MLIST:[httpd-cvs] 20190815 svn commit: r1048743 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html | URL:https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79@%3Ccvs.httpd.apache.org%3E | MLIST:[httpd-cvs] 20200401 svn commit: 
r1058586 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html | URL:https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc@%3Ccvs.httpd.apache.org%3E | MLIST:[httpd-cvs] 20200401 svn commit: r1058587 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html | URL:https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb@%3Ccvs.httpd.apache.org%3E | MLIST:[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/ | URL:https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E | MLIST:[httpd-cvs] 20210330 svn commit: r1073140 [1/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html | URL:https://lists.apache.org/thread.html/r5419c9ba0951ef73a655362403d12bb8d10fab38274deb3f005816f5@%3Ccvs.httpd.apache.org%3E | MLIST:[httpd-cvs] 20210330 svn commit: r1073140 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html | URL:https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b@%3Ccvs.httpd.apache.org%3E | MLIST:[httpd-cvs] 20210330 svn commit: r1073143 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/ | 
URL:https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142@%3Ccvs.httpd.apache.org%3E | MLIST:[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/ | URL:https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E | MLIST:[httpd-cvs] 20210330 svn commit: r1073149 [2/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/ | URL:https://lists.apache.org/thread.html/rd00b45b93fda4a5bd013b28587207d0e00f99f6e3308dbb6025f3b01@%3Ccvs.httpd.apache.org%3E | MLIST:[httpd-cvs] 20210603 svn commit: r1075360 [1/3] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html | URL:https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4@%3Ccvs.httpd.apache.org%3E | MLIST:[httpd-cvs] 20210606 svn commit: r1075470 [1/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html | URL:https://lists.apache.org/thread.html/rf2f0f3611f937cf6cfb3b4fe4a67f69885855126110e1e3f2fb2728e@%3Ccvs.httpd.apache.org%3E | MLIST:[httpd-cvs] 20210606 svn commit: r1075470 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html | URL:https://lists.apache.org/thread.html/r5001ecf3d6b2bdd0b732e527654248abb264f08390045d30709a92f6@%3Ccvs.httpd.apache.org%3E | OSVDB:862 | URL:http://www.osvdb.org/862 | REDHAT:RHSA-2002:222 | URL:http://www.redhat.com/support/errata/RHSA-2002-222.html | REDHAT:RHSA-2002:243 | 
URL:http://www.redhat.com/support/errata/RHSA-2002-243.html | REDHAT:RHSA-2002:244 | URL:http://www.redhat.com/support/errata/RHSA-2002-244.html | REDHAT:RHSA-2002:248 | URL:http://www.redhat.com/support/errata/RHSA-2002-248.html | REDHAT:RHSA-2002:251 | URL:http://www.redhat.com/support/errata/RHSA-2002-251.html | REDHAT:RHSA-2003:106 | URL:http://www.redhat.com/support/errata/RHSA-2003-106.html | SGI:20021105-02-I | URL:ftp://patches.sgi.com/support/free/security/advisories/20021105-02-I | VULNWATCH:20021002 Apache 2 Cross-Site Scripting | URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0003.html | XF:apache-http-host-xss(10241) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/10241 |
CVE-2002-1006 | Cross-site scripting (XSS) vulnerability in BBC Education Text to Speech Internet Enhancer (Betsie) 1.5.11 and earlier allows remote attackers to execute arbitrary web script via parserl.pl. |
BID:5135 | URL:http://www.securityfocus.com/bid/5135 | BUGTRAQ:20020701 PTL-2002-03 Betsie XSS Vuln | URL:http://archives.neohapsis.com/archives/bugtraq/2002-07/0002.html | CONFIRM:http://www.bbc.co.uk/education/betsie/parser.pl.txt | XF:betsie-parserl-xss(9468) | URL:http://www.iss.net/security_center/static/9468.php |
CVE-2002-1053 | Cross-site scripting (XSS) vulnerability in W3C Jigsaw Proxy Server before 2.2.1 allows remote attackers to execute arbitrary script via a URL that contains a reference to a nonexistent host followed by the script, which is included in the resulting error message. |
BID:5506 | URL:http://www.securityfocus.com/bid/5506 | BUGTRAQ:20020817 W3C Jigsaw Proxy Server: Cross-Site Scripting Vulnerability (REPOST) | URL:http://archives.neohapsis.com/archives/bugtraq/2002-08/0190.html | CONFIRM:http://www.w3.org/Jigsaw/RelNotes.html#2.2.1 | OSVDB:4015 | URL:http://www.osvdb.org/4015 | XF:jigsaw-http-proxy-xss(9914) | URL:http://www.iss.net/security_center/static/9914.php |
CVE-2002-1060 | Cross-site scripting (XSS) vulnerability in Blue Coat Systems (formerly CacheFlow) CacheOS on Client Accelerator 4.1.06, Security Gateway 2.1.02, and Server Accelerator 4.1.06 allows remote attackers to inject arbitrary web script or HTML via a URL to a nonexistent hostname that includes the HTML, which is inserted into the resulting error page. |
BID:5305 | URL:http://www.securityfocus.com/bid/5305 | BID:5608 | URL:http://www.securityfocus.com/bid/5608 | BUGTRAQ:20020724 CacheFlow CacheOS Cross-site Scripting Vulnerability | URL:http://archives.neohapsis.com/archives/bugtraq/2002-07/0283.html | BUGTRAQ:20020903 Re: CacheFlow CacheOS Cross-site Scripting Vulnerability | CONFIRM:http://download.cacheflow.com/release/CA/4.1.00-docs/CACacheOS41fixes.htm | XF:cacheos-unresolved-error-xss(9674) | URL:http://www.iss.net/security_center/static/9674.php |
CVE-2002-1167 | Cross-site scripting (XSS) vulnerability in IBM Web Traffic Express Caching Proxy Server 3.6 and 4.x before 4.0.1.26 allows remote attackers to execute script as other users via an HTTP GET request. |
Proposed (20030317) | AIXAPAR:IY24527 | BID:6000 | URL:http://www.securityfocus.com/bid/6000 | VULNWATCH:20021023 R7-0008: IBM WebSphere Edge Server Caching Proxy Cross-Site Scripting Issues | XF:ibm-wte-html-xss(10453) | URL:http://www.iss.net/security_center/static/10453.php |
CVE-2002-1168 | Cross-site scripting (XSS) vulnerability in IBM Web Traffic Express Caching Proxy Server 3.6 and 4.x before 4.0.1.26 allows remote attackers to execute script as other users via an HTTP request that contains a Location: header with a "%0a%0d" (CRLF) sequence, which echoes the Location as an HTTP header in the server response. |
Proposed (20030317) | AIXAPAR:IY35139 | BID:6001 | URL:http://www.securityfocus.com/bid/6001 | VULNWATCH:20021023 R7-0008: IBM WebSphere Edge Server Caching Proxy Cross-Site Scripting Issues | XF:ibm-wte-header-injection(10454) | URL:http://www.iss.net/security_center/static/10454.php |
CVE-2002-1181 | Multiple cross-site scripting (XSS) vulnerabilities in the administrative web pages for Microsoft Internet Information Server (IIS) 4.0 through 5.1 allow remote attackers to execute HTML script as other users through (1) a certain ASP file in the IISHELP virtual directory, or (2) possibly other unknown attack vectors. |
Modified (20061101) | BID:6068 | URL:http://www.securityfocus.com/bid/6068 | BID:6072 | URL:http://www.securityfocus.com/bid/6072 | BUGTRAQ:20021105 [SNS Advisory No.58] Microsoft IIS Local Cross-site Scripting Vulnerability | URL:http://marc.info/?l=bugtraq&m=103651224215736&w=2 | CIAC:N-011 | URL:http://www.ciac.org/ciac/bulletins/n-011.shtml | MISC:http://www.lac.co.jp/security/intelligence/SNSAdvisory/58.html | MS:MS02-062 | URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-062 | OVAL:oval:org.mitre.oval:def:942 | URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A942 | OVAL:oval:org.mitre.oval:def:944 | URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A944 | XF:iis-admin-pages-xss(10501) | URL:http://www.iss.net/security_center/static/10501.php |
CVE-2002-1187 | Cross-site scripting vulnerability (XSS) in Internet Explorer 5.01 through 6.0 allows remote attackers to read and execute files on the local system via web pages using the <frame> or <iframe> element and javascript, aka "Frames Cross Site Scripting," as demonstrated using the PrivacyPolicy.dlg resource. |
BID:5672 | URL:http://www.securityfocus.com/bid/5672 | BUGTRAQ:20020909 Who framed Internet Explorer (GM#010-IE) | URL:http://marc.info/?l=bugtraq&m=103158601431054&w=2 | MS:MS02-066 | URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-066 | OSVDB:2998 | URL:http://www.osvdb.org/2998 | OVAL:oval:org.mitre.oval:def:203 | URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A203 | OVAL:oval:org.mitre.oval:def:225 | URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A225 | XF:ie-frame-script-execution (10066) | URL:http://www.iss.net/security_center/static/10066.php |
CVE-2002-1195 | Cross-site scripting vulnerability (XSS) in the PHP interface for ht://Check 1.1 allows remote web servers to insert arbitrary HTML, including script, via a web page. |
BID:5699 | URL:http://www.securityfocus.com/bid/5699 | BUGTRAQ:20020912 ht://Check XSS | URL:http://marc.info/?l=bugtraq&m=103184269605160&w=2 | DEBIAN:DSA-169 | URL:http://www.debian.org/security/2002/dsa-169 | XF:htcheck-server-header-xss(10089) | URL:http://www.iss.net/security_center/static/10089.php |
CVE-2002-1276 | An incomplete fix for a cross-site scripting (XSS) vulnerability in SquirrelMail 1.2.8 calls the strip_tags function on the PHP_SELF value but does not save the result back to that variable, leaving it open to cross-site scripting attacks. |
Modified (20071113) | BID:7019 | URL:http://www.securityfocus.com/bid/7019 | CONFIRM:http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=167471 | DEBIAN:DSA-191 | URL:http://www.debian.org/security/2002/dsa-191 | REDHAT:RHSA-2003:042 | URL:http://www.redhat.com/support/errata/RHSA-2003-042.html | SECUNIA:8220 | URL:http://secunia.com/advisories/8220 | XF:squirrelmail-striptags-phpself-xss(10634) | URL:http://www.iss.net/security_center/static/10634.php |
CVE-2002-1307 | Cross-site scripting vulnerability (XSS) in MHonArc 2.5.12 and earlier allows remote attackers to insert script or HTML via an email message with the script in a MIME header name. |
BID:6204 | URL:http://www.securityfocus.com/bid/6204 | CONFIRM:http://www.mhonarc.org/archive/cgi-bin/mesg.cgi?a=mhonarc-users&i=200210211713.g9LHDXE02256@mcguire.earlhood.com | DEBIAN:DSA-199 | URL:http://www.debian.org/security/2002/dsa-199 | OSVDB:7353 | URL:http://www.osvdb.org/7353 | XF:mhonarc-mime-header-xss(10666) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/10666 |
CVE-2002-1315 | Cross-site scripting (XSS) vulnerability in the Admin Server for iPlanet WebServer 4.x, up to SP11, allows remote attackers to execute web script or HTML as the iPlanet administrator by injecting the desired script into error logs, and possibly escalating privileges by using the XSS vulnerability in conjunction with another issue (CVE-2002-1316). |
Modified (20071014) | BID:6202 | URL:http://www.securityfocus.com/bid/6202 | BUGTRAQ:20021119 iPlanet WebServer, remote root compromise | URL:http://marc.info/?l=bugtraq&m=103772308030269&w=2 | MISC:http://www.ngsec.com/docs/advisories/NGSEC-2002-4.txt | SUNALERT:49475 | URL:http://sunsolve.sun.com/search/document.do?assetkey=1-26-49475-1 | VULNWATCH:20021118 iPlanet WebServer, remote root compromise | URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0078.html | XF:iplanet-admin-log-xss(10692) | URL:http://www.iss.net/security_center/static/10692.php |
CVE-2002-1316 | importInfo in the Admin Server for iPlanet WebServer 4.x, up to SP11, allows the web administrator to execute arbitrary commands via shell metacharacters in the dir parameter, and possibly allows remote attackers to exploit this vulnerability via a separate XSS issue (CVE-2002-1315). |
Modified (20071014) | BID:6203 | URL:http://www.securityfocus.com/bid/6203 | BUGTRAQ:20021119 iPlanet WebServer, remote root compromise | URL:http://marc.info/?l=bugtraq&m=103772308030269&w=2 | MISC:http://www.ngsec.com/docs/advisories/NGSEC-2002-4.txt | SUNALERT:49475 | URL:http://sunsolve.sun.com/search/document.do?assetkey=1-26-49475-1 | VULNWATCH:20021118 iPlanet WebServer, remote root compromise | URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0078.html | XF:iplanet-perl-command-execution(10693) | URL:http://www.iss.net/security_center/static/10693.php |
CVE-2002-1334 | Cross-site scripting (XSS) vulnerability in BizDesign ImageFolio 3.01 and earlier allows remote attackers to execute arbitrary web script as other users via (1) the direct parameter in imageFolio.cgi, or (2) nph-build.cgi. |
Modified (20080226) | BID:6265 | URL:http://www.securityfocus.com/bid/6265 | BUGTRAQ:20021127 Cross-site Scripting Vulnerability in ImageFolio Image Gallery Software | URL:http://marc.info/?l=bugtraq&m=103842773205148&w=2 | SECTRACK:1005681 | URL:http://securitytracker.com/id?1005681 | XF:imagefolio-imagefolio-nphbuild-xss(10718) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/10718 |
CVE-2002-1335 | Cross-site scripting (XSS) vulnerability in w3m 0.3.2 does not escape an HTML tag in a frame, which allows remote attackers to insert arbitrary web script or HTML and access files or cookies. |
Modified (20071129) | BID:6793 | URL:http://www.securityfocus.com/bid/6793 | CONFIRM:http://mi.med.tohoku.ac.jp/%7Esatodai/w3m-dev-en/200211.month/838.html | CONFIRM:http://sourceforge.net/project/shownotes.php?release_id=124484 | DEBIAN:DSA-249 | URL:http://www.debian.org/security/2003/dsa-249 | DEBIAN:DSA-250 | URL:http://www.debian.org/security/2003/dsa-250 | DEBIAN:DSA-251 | URL:http://www.debian.org/security/2003/dsa-251 | OPENPKG:OpenPKG-SA-2003.009 | URL:http://www.openpkg.com/security/advisories/OpenPKG-SA-2003.009.html | OSVDB:6981 | URL:http://www.osvdb.org/6981 | REDHAT:RHSA-2003:044 | URL:http://www.redhat.com/support/errata/RHSA-2003-044.html | REDHAT:RHSA-2003:045 | URL:http://www.redhat.com/support/errata/RHSA-2003-045.html | SECUNIA:8015 | URL:http://secunia.com/advisories/8015 | SECUNIA:8016 | URL:http://secunia.com/advisories/8016 | SECUNIA:8031 | URL:http://secunia.com/advisories/8031 | SECUNIA:8053 | URL:http://secunia.com/advisories/8053 | XF:w3m-html-frame-xss(10842) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/10842 |
CVE-2002-1341 | Cross-site scripting (XSS) vulnerability in read_body.php for SquirrelMail 1.2.10, 1.2.9, and earlier allows remote attackers to insert script and HTML via the (1) mailbox and (2) passed_id parameters. |
Modified (20071113) | BID:6302 | URL:http://www.securityfocus.com/bid/6302 | BUGTRAQ:20021203 Re: SquirrelMail v1.2.9 XSS bugs | URL:http://marc.info/?l=bugtraq&m=103911130503272&w=2 | BUGTRAQ:20021203 SquirrelMail v1.2.9 XSS bugs | URL:http://marc.info/?l=bugtraq&m=103893844126484&w=2 | BUGTRAQ:20021215 GLSA: squirrelmail | URL:http://marc.info/?l=bugtraq&m=104004924002662&w=2 | DEBIAN:DSA-220 | URL:http://www.debian.org/security/2002/dsa-220 | MISC:http://f0kp.iplus.ru/bz/008.txt | REDHAT:RHSA-2003:042 | URL:http://www.redhat.com/support/errata/RHSA-2003-042.html | SECUNIA:8220 | URL:http://secunia.com/advisories/8220 | XF:squirrelmail-readbody-xss(10754) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/10754 |
CVE-2002-1388 | Cross-site scripting (XSS) vulnerability in MHonArc before 2.5.14 allows remote attackers to inject arbitrary HTML into web archive pages via HTML mail messages. |
BID:6479 | URL:http://www.securityfocus.com/bid/6479 | CONFIRM:http://www.mhonarc.org/archive/cgi-bin/mesg.cgi?a=mhonarc-users&i=200212220120.gBM1K8502180@mcguire.earlhood.com | DEBIAN:DSA-221 | URL:http://www.debian.org/security/2002/dsa-221 | XF:mhonarc-m2htexthtml-filter-xss(10950) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/10950 |
CVE-2002-1434 | Multiple cross-site scripting (XSS) vulnerabilities in the Web mail module of Kerio MailServer 5.0 allow remote attackers to execute HTML script as other users via certain URLs. |
Proposed (20030317) | BID:5507 | URL:http://www.securityfocus.com/bid/5507 | BUGTRAQ:20020819 Kerio Mail Server Multiple Security Vulnerabilities | URL:http://archives.neohapsis.com/archives/bugtraq/2002-08/0183.html | XF:kerio-webserver-webmail-xss(9905) | URL:http://www.iss.net/security_center/static/9905.php |
CVE-2002-1445 | Cross-site scripting (XSS) vulnerability in CERN Proxy Server allows remote attackers to execute script as other users via a link to a non-existent page whose name contains the script, which is inserted into the resulting error page. |
Proposed (20030317) | BID:5447 | URL:http://www.securityfocus.com/bid/5447 | BUGTRAQ:20020811 CERN Proxy Server: Cross-Site Scripting Vulnerability | URL:http://archives.neohapsis.com/archives/bugtraq/2002-08/0097.html | XF:cern-proxy-xss(9834) | URL:http://www.iss.net/security_center/static/9834.php |
CVE-2002-1453 | Cross-site scripting (XSS) vulnerability in MyWebServer 1.0.2 allows remote attackers to insert script and HTML via a long request followed by the malicious script, which is echoed back to the user in an error message. |
Proposed (20030317) | BID:5470 | URL:http://www.securityfocus.com/bid/5470 | BUGTRAQ:20020814 new bugs in MyWebServer | URL:http://marc.info/?l=bugtraq&m=102935720109934&w=2 | VULNWATCH:20020814 new bugs in MyWebServer | URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0077.html | XF:mywebserver-long-http-xss(9861) | URL:http://www.iss.net/security_center/static/9861.php |
CVE-2002-1455 | Multiple cross-site scripting (XSS) vulnerabilities in OmniHTTPd allow remote attackers to insert script or HTML into web pages via (1) test.php, (2) test.shtml, or (3) redir.exe. |
Proposed (20030317) | BUGTRAQ:20020825 More OmniHTTPd Problems | URL:http://archives.neohapsis.com/archives/bugtraq/2002-08/0266.html | BUGTRAQ:20020825 OmniHTTPd test.php Cross-Site Scripting Issue | URL:http://archives.neohapsis.com/archives/bugtraq/2002-08/0263.html | BUGTRAQ:20020825 OmniHTTPd test.shtml Cross-Site Scripting Issue | URL:http://archives.neohapsis.com/archives/bugtraq/2002-08/0264.html |
CVE-2002-1464 | Cross-site scripting (XSS) vulnerability in CafeLog b2 Weblog Tool allows remote attackers to insert arbitrary HTML or script via the GPC variable. |
Proposed (20030317) | BID:5455 | URL:http://www.securityfocus.com/bid/5455 | BUGTRAQ:20020813 Multiple Vulnerabilities in CafeLog Weblog Package | URL:http://online.securityfocus.com/archive/1/287228 | VULNWATCH:20020813 Multiple Vulnerabilities in CafeLog Weblog Package | URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0071.html | XF:b2-gpc-xss(9835) | URL:http://www.iss.net/security_center/static/9835.php |
CVE-2002-1480 | Cross-site scripting (XSS) vulnerability in phpGB before 1.20 allows remote attackers to inject arbitrary HTML or script into guestbook pages, which is executed when the administrator deletes the entry. |
Proposed (20030317) | BID:5676 | URL:http://www.securityfocus.com/bid/5676 | BUGTRAQ:20020909 phpGB: cross site scripting bug | URL:http://archives.neohapsis.com/archives/bugtraq/2002-09/0069.html | XF:phpgb-entry-deletion-xss(10060) | URL:http://www.iss.net/security_center/static/10060.php |
CVE-2002-1493 | Cross-site scripting (XSS) vulnerability in Lycos HTMLGear guestbook allows remote attackers to inject arbitrary script via (1) STYLE attributes or (2) SRC attributes in an IMG tag. |
BID:5728 | URL:http://www.securityfocus.com/bid/5728 | BUGTRAQ:20020914 Lycos HTMLGear Guestbook Script Injection Vulnerability | URL:http://archives.neohapsis.com/archives/bugtraq/2002-09/0198.html | VULNWATCH:20020926 [VulnWatch] BugTraq ID: 5728 | URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0132.html | XF:guestgear-img-xss(12235) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/12235 |
CVE-2002-1494 | Cross-site scripting (XSS) vulnerabilities in Aestiva HTML/OS allow remote attackers to insert arbitrary HTML or script by inserting the script after a trailing / character, which inserts the script into the resulting error message. |
BID:5618 | URL:http://www.securityfocus.com/bid/5618 | BUGTRAQ:20020903 Cross-Site Scripting in Aestiva's HTML/OS | URL:http://archives.neohapsis.com/archives/bugtraq/2002-09/0026.html | XF:aestiva-htmlos-cgi-xss(10029) | URL:http://www.iss.net/security_center/static/10029.php |
CVE-2002-1495 | Cross-site scripting (XSS) vulnerability in JAWmail 1.0-rc1 allows remote attackers to insert arbitrary script or HTML via (1) attached file names in the Read Mail feature, (2) text/html mails that are displayed in a pop-up window, and (3) certain malicious attributes within otherwise safe tags, such as onMouseOver. |
Proposed (20030317) | BID:5771 | URL:http://www.securityfocus.com/bid/5771 | BUGTRAQ:20020922 JAWmail XSS | URL:http://archives.neohapsis.com/archives/bugtraq/2002-09/0270.html | XF:jawmail-mail-message-xss(10152) | URL:http://www.iss.net/security_center/static/10152.php |
CVE-2002-1497 | Cross-site scripting (XSS) vulnerability in Null HTTP Server 0.5.0 and earlier allows remote attackers to insert arbitrary HTML into a "404 Not Found" response. |
BID:5603 | URL:http://www.securityfocus.com/bid/5603 | BUGTRAQ:20020902 XSS in Null HTTPd | CONFIRM:http://freshmeat.net/releases/97910/ | XF:null-httpd-xss(10004) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/10004 |
CVE-2002-1526 | Cross-site scripting (XSS) vulnerability in emumail.cgi for EMU Webmail 5.0 allows remote attackers to inject arbitrary HTML or script via the email address field. |
Modified (20071016) | BID:5824 | URL:http://www.securityfocus.com/bid/5824 | VULNWATCH:20020926 [VulnWatch] EMU Webmail 5.0 XSS vuln, and webroot path disclosure | URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0131.html | XF:emu-webmail-address-xss(10205) | URL:http://www.iss.net/security_center/static/10205.php |
CVE-2002-1529 | Cross-site scripting (XSS) vulnerability in msgError.asp for the administrative web interface (STEMWADM) for SurfControl SuperScout Email Filter allows remote attackers to insert arbitrary script or HTML via the Reason parameter. |
BID:5928 | URL:http://www.securityfocus.com/bid/5928 | BUGTRAQ:20021008 Four Vulnerabilities in SurfControl's SuperScout Email Filter Administrative Server | URL:http://archives.neohapsis.com/archives/bugtraq/2002-10/0137.html | XF:superscout-emailfilter-error-xss(10319) | URL:http://www.iss.net/security_center/static/10319.php |
CVE-2002-1533 | Cross-site scripting (XSS) vulnerability in Jetty JSP servlet engine allows remote attackers to insert arbitrary HTML or script via an HTTP request to a .jsp file whose name contains the malicious script and some encoded linefeed characters (%0a). |
Proposed (20030317) | BID:5821 | URL:http://www.securityfocus.com/bid/5821 | BUGTRAQ:20020928 Jetty jsp/servlet engine xss / uname disclosure vuln | URL:http://archives.neohapsis.com/archives/bugtraq/2002-09/0337.html | XF:jetty-http-xss(10219) | URL:http://www.iss.net/security_center/static/10219.php |
CVE-2002-1567 | Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1 allows remote attackers to execute arbitrary web script and steal cookies via a URL with encoded newlines followed by a request to a .jsp file whose name contains the script. |
Assigned (20030918) | CONFIRM:http://tomcat.apache.org/security-4.html | MLIST:[tomcat-dev] 20190319 svn commit: r1855831 [21/30] - in /tomcat/site/trunk: ./ docs/ xdocs/ | URL:https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E | MLIST:[tomcat-dev] 20190325 svn commit: r1856174 [19/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/ | URL:https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E | MLIST:[tomcat-dev] 20200213 svn commit: r1873980 [24/34] - /tomcat/site/trunk/docs/ | URL:https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E | VULN-DEV:20020821 Apache Tomcat 4.1 Cross-Site Scripting Vulnerability | URL:http://archives.neohapsis.com/archives/vuln-dev/2002-q3/0482.html |
CVE-2002-1636 | Cross-site scripting (XSS) vulnerability in the htp PL/SQL package for Oracle 9i Application Server (9iAS) allows remote attackers to inject arbitrary web script or HTML via the cbuf parameter to htp.print. |
Assigned (20050328) | MISC:http://www.nextgenss.com/papers/hpoas.pdf | XF:oracle-htpprint-xss(10687) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/10687 |
CVE-2002-1640 | Multiple cross-site scripting (XSS) vulnerabilities in Oracle Configurator before 11.5.7.17.32 and 11.5.6.16.53 allow remote attackers to inject arbitrary web script or HTML via (1) Text Features in the DHTML UI or (2) the test parameter to the oracle.apps.cz.servlet.UiServlet servlet. |
Assigned (20050328) | BID:4430 | URL:http://www.securityfocus.com/bid/4430 | BID:4436 | URL:http://www.securityfocus.com/bid/4436 | CONFIRM:http://www.oracle.com/technology//deploy/security/htdocs/oconfigvul.html | SECTRACK:1003967 | URL:http://securitytracker.com/id?1003967 | XF:oracle-configurator-dhtml-css(8780) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/8780 | XF:oracle-configurator-uiservlet-css(8781) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/8781 |
CVE-2002-1649 | Cross-site scripting (XSS) vulnerability in read_body.php in SquirrelMail before 1.2.3 allows remote attackers to execute arbitrary JavaScript via a javascript: URL in an IMG tag. |
Assigned (20050328) | BID:3956 | URL:http://www.securityfocus.com/bid/3956 | BUGTRAQ:20020124 Vulnerabilities in squirrelmail | URL:http://archives.neohapsis.com/archives/bugtraq/2002-01/0310.html | CERT-VN:VU#153043 | URL:http://www.kb.cert.org/vuls/id/153043 | XF:squirrelmail-html-execute-script(7989) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/7989 |
CVE-2002-1651 | Cross-site scripting (XSS) vulnerability in Verity Search97 allows remote attackers to insert arbitrary web content and steal sensitive information from other clients, possibly due to certain error messages from template pages that use the (1) vformat or (2) vfilter functions. |
Assigned (20050329) | BID:5102 | URL:http://www.securityfocus.com/bid/5102 | CERT-VN:VU#636431 | URL:http://www.kb.cert.org/vuls/id/636431 | XF:verity-search97-xss(9441) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/9441 |
CVE-2002-1662 | Multiple cross-site scripting (XSS) vulnerabilities in Mambo Site Server 4.0.11 allow remote attackers to execute arbitrary script on other clients via (1) search.php and (2) the "Your name" field during account registration. |
Assigned (20050519) | BID:6386 | URL:http://www.securityfocus.com/bid/6386 | BUGTRAQ:20021212 Multiple Mambo Site Server sec-weaknesses | URL:http://archives.neohapsis.com/archives/bugtraq/2002-12/0111.html | XF:mambo-name-field-xss(10859) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/10859 | XF:mambo-search-xss(10854) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/10854 |
CVE-2002-1678 | Cross-site scripting (XSS) vulnerability in memberlist.php in Jelsoft vBulletin 2.0 rc 2 through 2.2.4 allows remote attackers to steal authentication credentials by injecting script into $letterbits. |
Assigned (20050621) | BID:4349 | URL:http://www.securityfocus.com/bid/4349 | BUGTRAQ:20020322 RE: memberlist.php of vBulletin | URL:http://online.securityfocus.com/archive/1/264023/2002-11-01/2002-11-07/2 | BUGTRAQ:20020322 memberlist.php of vBulletin | URL:http://online.securityfocus.com/archive/1/263609 | XF:vbulletin-memberlist-execute-code(8619) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/8619 |
CVE-2002-1679 | Cross-site scripting (XSS) vulnerability in Jelsoft vBulletin 2.2.0 allows remote attackers to execute arbitrary script as other users by injecting script into a bulletin board message. |
Assigned (20050621) | BID:4008 | URL:http://www.securityfocus.com/bid/4008 | BUGTRAQ:20020131 Fairly serious vulnerability in vBulletin 2.2.0 | URL:http://online.securityfocus.com/archive/1/253365 | BUGTRAQ:20020131 Semi-serious vulnerability in vBulletin 2.2.0 | URL:http://online.securityfocus.com/archive/1/253371 | XF:vbulletin-bbs-css(8039) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/8039 |
CVE-2002-1680 | Cross-site scripting (XSS) vulnerability in CGI Online Worldweb Shopping 1.1 (a.k.a. COWS) allows remote attackers to execute arbitrary script as other users by injecting script into (1) diagnose.cgi or (2) compatible.cgi. |
Assigned (20050621) | BID:3914 | URL:http://www.securityfocus.com/bid/3914 | BID:3921 | URL:http://www.securityfocus.com/bid/3921 | VULN-DEV:20020121 Security holes in COWS (CGI Online Worldweb Shopping) | URL:http://online.securityfocus.com/archive/82/251570 | XF:cows-cgi-css(7986) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/7986 |
CVE-2002-1681 | Cross-site scripting (XSS) vulnerability in Slashcode CVS releases June 17 through July 1 2002 allows remote attackers to execute arbitrary script as other users by injecting script into the paragraph <P> tag. |
Assigned (20050621) | BID:5140 | URL:http://www.securityfocus.com/bid/5140 | BUGTRAQ:20020702 Re: XSS in Slashcode | URL:http://online.securityfocus.com/archive/1/280255 | BUGTRAQ:20020702 XSS in Slashcode | URL:http://online.securityfocus.com/archive/1/280218 | XF:slashcode-cvs-xss(9473) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/9473 |
CVE-2002-1683 | Cross-site scripting (XSS) vulnerability in BadBlue Personal Edition 1.7.3 allows remote attackers to execute arbitrary script as other users by injecting script into the cleanSearchString() function. |
Assigned (20050621) | BID:5179 | URL:http://www.securityfocus.com/bid/5179 | BUGTRAQ:20020708 BadBlue 1.73 EXT.DLL XSS Variant | URL:http://online.securityfocus.com/archive/1/281141 | XF:badblue-cleansearchstring-xss(9514) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/9514 |