Exploit Intelligence Platform

CVE-2002-2339 1 PoC Analysis EPSS 0.01

Cross-site scripting (XSS) vulnerability in configure.asp in Script-Shed GuestBook 1.0 allows remote attackers to inject arbitrary web script or HTML via a javascript: URL in (1) image, (2) img, (3) image=right, (4) img=right, (5) image=left, and (6) img=left tags.

CWE-79 Dec 31, 2002

CVE-2002-2424 1 PoC Analysis EPSS 0.01

Cross-site scripting (XSS) vulnerability in PHP(Reactor) 1.2.7 pl1 allows remote attackers to inject arbitrary web script or HTML via Javascript in the style attribute of an HTML tag.

CWE-79 Dec 31, 2002

CVE-2002-2364 EPSS 0.00

Cross-site scripting (XSS) vulnerability in PHP Ticket 0.5 and earlier allows remote attackers to inject arbitrary web script or HTML via a help ticket.

CWE-79 Dec 31, 2002

CVE-2002-2340 EPSS 0.00

Cross-site scripting (XSS) vulnerability in read.php in Phorum 3.3.2a allows remote attackers to inject arbitrary web script or HTML via (1) the t parameter or (2) the body of an email response.

CWE-79 Dec 31, 2002

CVE-2002-2343 1 PoC Analysis EPSS 0.01

Cross-site scripting (XSS) vulnerability in NOCC 0.9 through 0.9.5 allows remote attackers to inject arbitrary web script or HTML via email messages.

CWE-79 Dec 31, 2002

CVE-2002-2347 EPSS 0.00

Cross-site scripting (XSS) vulnerability in Oracle Java Server Page (OJSP) demo files (1) hellouser.jsp, (2) welcomeuser.jsp and (3) usebean.jsp in Oracle 9i Application Server 9.0.2, 1.0.2.2, 1.0.2.1s and 1.0.2 allows remote attackers to inject arbitrary web script or HTML via the text entry field.

CWE-79 Dec 31, 2002

CVE-2002-2231 EPSS 0.00

Cross-site scripting (XSS) vulnerability in Ikonboard 3.1.1 allows remote attackers to inject arbitrary web script or HTML via (1) a javascript: URL in a photo URL or (2) an X-Forwarded-For: header.

CWE-79 Dec 31, 2002

CVE-2002-2341 1 PoC Analysis EPSS 0.00

Cross-site scripting (XSS) vulnerability in content blocking in SonicWALL SOHO3 6.3.0.0 allows remote attackers to inject arbitrary web script or HTML via a blocked URL.

CWE-79 Dec 31, 2002

CVE-2002-2330 EPSS 0.00

Cross-site scripting (XSS) vulnerability in stat.pl in StatsPlus 1.25 allows remote attackers to inject arbitrary web script or HTML via (1) HTTP_USER_AGENT or (2) HTTP_REFERER, which is written to stats.html and executed in client browsers.

CWE-79 Dec 31, 2002

CVE-2002-1852 1 PoC Analysis EPSS 0.03

Cross-site scripting (XSS) vulnerability in Monkey 0.5.0 allows remote attackers to inject arbitrary web script or HTML via (1) the URL or (2) a parameter to test2.pl.

CWE-79 Dec 31, 2002

CVE-2002-2318 1 PoC Analysis EPSS 0.01

Cross-site scripting (XSS) vulnerability in Falcon web server 2.0.0.1009 through 2.0.0.1021 allows remote attackers to inject arbitrary web script or HTML via the URI, which is inserted into 301 error messages and executed by 404 error messages.

CWE-79 Dec 31, 2002

CVE-2002-1651 EPSS 0.02

Cross-site scripting (XSS) vulnerability in Verity Search97 allows remote attackers to insert arbitrary web content and steal sensitive information from other clients, possibly due to certain error messages from template pages that use the (1) vformat or (2) vfilter functions.

CWE-79 Dec 31, 2002

CVE-2002-1958 1 PoC Analysis EPSS 0.01

Cross-site scripting (XSS) vulnerability in kmMail 1.0, 1.0a, and 1.0b allows remote attackers to inject arbitrary web script or HTML via (1) javascript in onmouseover or other attributes in "safe" HTML tags such as the "b" tag, or (2) the Subject field.

CWE-79 Dec 31, 2002

CVE-2002-2278 EPSS 0.00

Cross-site scripting (XSS) vulnerability in mod_search/index.php in PortailPHP 0.99 allows remote attackers to inject arbitrary web script or HTML via the (1) $App_Theme, (2) $Rub_Search, (3) $Rub_News, (4) $Rub_File, (5) $Rub_Liens, or (6) $Rub_Faq variables.

CWE-79 Dec 31, 2002

CVE-2002-2296 1 PoC Analysis EPSS 0.01

Cross-site scripting (XSS) vulnerability in YaBB.pl in Yet Another Bulletin Board (YaBB) 1 Gold SP 1 allows remote attackers to inject arbitrary web script or HTML via the num parameter.

CWE-79 Dec 31, 2002

CVE-2002-2273 EPSS 0.00

Cross-site scripting (XSS) vulnerability in Webster HTTP Server allows remote attackers to inject arbitrary web script or HTML via the URL.

CWE-79 Dec 31, 2002

CVE-2002-2255 1 PoC Analysis EPSS 0.03

Cross-site scripting (XSS) vulnerability in search.php in phpBB 2.0.3 and possibly earlier versions allows remote attackers to inject arbitrary web script or HTML via the search_username parameter in searchuser mode.

CWE-79 Dec 31, 2002

CVE-2002-2246 1 PoC Analysis EPSS 0.03

Cross-site scripting (XSS) vulnerability in VisNetic Website before 3.5.15 allows remote attackers to inject arbitrary web script or HTML via the HTTP referer header (HTTP_REFERER) to a non-existent page, which is injected into the resulting 404 error page.

CWE-79 Dec 31, 2002

CVE-2002-2260 EPSS 0.00

Cross-site scripting (XSS) vulnerability in the quips feature in Mozilla Bugzilla 2.10 through 2.17 allows remote attackers to inject arbitrary web script or HTML via the "show all quips" page.

CWE-79 Dec 31, 2002

CVE-2002-2321 1 PoC Analysis EPSS 0.01

Cross-site scripting (XSS) vulnerability in (1) showcat.php and (2) addyoursite.php in phpLinkat 0.1.0 allows remote attackers to inject arbitrary web script or HTML via the catid parameter.

CWE-79 Dec 31, 2002