CVE & Exploit Intelligence Database

CVE-2003-0801 1 PoC Analysis EPSS 0.00

Cross-site scripting (XSS) vulnerability in Nokia Electronic Documentation (NED) 5.0 allows remote attackers to execute arbitrary web script and steal cookies via a URL to the docs/ directory that contains the script.

CWE-79 Oct 06, 2003

CVE-2003-0310 1 PoC Analysis EPSS 0.00

Cross-site scripting (XSS) vulnerability in articleview.php for eZ publish 2.2 allows remote attackers to insert arbitrary web script.

CWE-79 Jun 16, 2003

CVE-2002-2376 1 PoC Analysis EPSS 0.01

Cross-site scripting (XSS) vulnerability in E-Guest_sign.pl in E-Guest 1.1 allows remote attackers to inject arbitrary SSI directives, web script, and HTML via the (1) full name, (2) email, (3) homepage, and (4) location parameters. NOTE: this issue might overlap CVE-2005-1605.

CWE-79 Dec 31, 2002

CVE-2002-2318 1 PoC Analysis EPSS 0.01

Cross-site scripting (XSS) vulnerability in Falcon web server 2.0.0.1009 through 2.0.0.1021 allows remote attackers to inject arbitrary web script or HTML via the URI, which is inserted into 301 error messages and executed by 404 error messages.

CWE-79 Dec 31, 2002

CVE-2002-2296 1 PoC Analysis EPSS 0.01

Cross-site scripting (XSS) vulnerability in YaBB.pl in Yet Another Bulletin Board (YaBB) 1 Gold SP 1 allows remote attackers to inject arbitrary web script or HTML via the num parameter.

CWE-79 Dec 31, 2002

CVE-2002-2424 1 PoC Analysis EPSS 0.01

Cross-site scripting (XSS) vulnerability in PHP(Reactor) 1.2.7 pl1 allows remote attackers to inject arbitrary web script or HTML via Javascript in the style attribute of an HTML tag.

CWE-79 Dec 31, 2002

CVE-2002-2246 1 PoC Analysis EPSS 0.03

Cross-site scripting (XSS) vulnerability in VisNetic Website before 3.5.15 allows remote attackers to inject arbitrary web script or HTML via the HTTP referer header (HTTP_REFERER) to a non-existent page, which is injected into the resulting 404 error page.

CWE-79 Dec 31, 2002

CVE-2002-1700 1 PoC Analysis EPSS 0.16

Cross-site scripting vulnerability (XSS) in the missing template handler in Macromedia ColdFusion MX allows remote attackers to execute arbitrary script as other users by injecting script into the HTTP request for the name of a template, which is not filtered in the resulting 404 error message.

CWE-79 Dec 31, 2002

CVE-2002-2260 EPSS 0.00

Cross-site scripting (XSS) vulnerability in the quips feature in Mozilla Bugzilla 2.10 through 2.17 allows remote attackers to inject arbitrary web script or HTML via the "show all quips" page.

CWE-79 Dec 31, 2002

CVE-2002-2347 EPSS 0.00

Cross-site scripting (XSS) vulnerability in Oracle Java Server Page (OJSP) demo files (1) hellouser.jsp, (2) welcomeuser.jsp and (3) usebean.jsp in Oracle 9i Application Server 9.0.2, 1.0.2.2, 1.0.2.1s and 1.0.2 allows remote attackers to inject arbitrary web script or HTML via the text entry field.

CWE-79 Dec 31, 2002

CVE-2002-2340 EPSS 0.00

Cross-site scripting (XSS) vulnerability in read.php in Phorum 3.3.2a allows remote attackers to inject arbitrary web script or HTML via (1) the t parameter or (2) the body of an email response.

CWE-79 Dec 31, 2002

CVE-2002-2231 EPSS 0.00

Cross-site scripting (XSS) vulnerability in Ikonboard 3.1.1 allows remote attackers to inject arbitrary web script or HTML via (1) a javascript: URL in a photo URL or (2) an X-Forwarded-For: header.

CWE-79 Dec 31, 2002

CVE-2002-1651 EPSS 0.02

Cross-site scripting (XSS) vulnerability in Verity Search97 allows remote attackers to insert arbitrary web content and steal sensitive information from other clients, possibly due to certain error messages from template pages that use the (1) vformat or (2) vfilter functions.

CWE-79 Dec 31, 2002

CVE-2002-1958 1 PoC Analysis EPSS 0.01

Cross-site scripting (XSS) vulnerability in kmMail 1.0, 1.0a, and 1.0b allows remote attackers to inject arbitrary web script or HTML via (1) javascript in onmouseover or other attributes in "safe" HTML tags such as the "b" tag, or (2) the Subject field.

CWE-79 Dec 31, 2002

CVE-2002-2341 1 PoC Analysis EPSS 0.00

Cross-site scripting (XSS) vulnerability in content blocking in SonicWALL SOHO3 6.3.0.0 allows remote attackers to inject arbitrary web script or HTML via a blocked URL.

CWE-79 Dec 31, 2002

CVE-2002-2343 1 PoC Analysis EPSS 0.01

Cross-site scripting (XSS) vulnerability in NOCC 0.9 through 0.9.5 allows remote attackers to inject arbitrary web script or HTML via email messages.

CWE-79 Dec 31, 2002

CVE-2002-2348 1 PoC Analysis EPSS 0.01

Cross-site scripting (XSS) vulnerability in athcgi.exe in Authoria HR allows remote attackers to inject arbitrary web script or HTML via the command parameter.

CWE-79 Dec 31, 2002

CVE-2002-2350 EPSS 0.00

Cross-site scripting (XSS) vulnerability in z_user_show.php in dbtreelistproperty_method.php in Zorum 2.4 allows remote attackers to inject arbitrary web script or HTML via the class parameter.

CWE-79 Dec 31, 2002

CVE-2002-2358 1 PoC Analysis EPSS 0.01

Cross-site scripting (XSS) vulnerability in the FTP view feature in Opera 6.0 and 6.01 through 6.04 allows remote attackers to inject arbitrary web script or HTML via the title tag of an FTP URL.

CWE-79 Dec 31, 2002

CVE-2002-2362 1 PoC Analysis EPSS 0.01

Cross-site scripting (XSS) vulnerability in form_header.php in MyMarket 1.71 allows remote attackers to inject arbitrary web script or HTML via the noticemsg parameter.

CWE-79 Dec 31, 2002