Cross-site scripting vulnerability in Help File search facility for Internet Information Server (IIS) 4.0, 5.0 and 5.1 allows remote attackers to embed scripts into another user's session.
Max CVSS
7.5
EPSS Score
8.52%
Published
2002-04-22
Updated
2020-11-23
Cross-site scripting vulnerability for Internet Information Server (IIS) 4.0, 5.0 and 5.1 allows remote attackers to execute arbitrary script as other web users via the error message used in a URL redirect (""302 Object Moved") message.
Max CVSS
7.5
EPSS Score
6.76%
Published
2002-04-22
Updated
2020-11-23
Cross-site scripting vulnerability in Yet Another Bulletin Board (YaBB) 1 Gold SP 1 and earlier allows remote attackers to execute arbitrary script and steal cookies via a message containing encoded Javascript in an IMG tag.
Max CVSS
7.5
EPSS Score
9.40%
Published
2002-03-25
Updated
2008-09-05
Cross-site scripting vulnerability in Infopop Ultimate Bulletin Board (UBB) 6.2.0 Beta Release 1.0 allows remote attackers to execute arbitrary script and steal cookies via a message containing encoded Javascript in an IMG tag.
Max CVSS
7.5
EPSS Score
2.41%
Published
2002-03-25
Updated
2008-11-04
Cross-site scripting vulnerability in Internet Information Server (IIS) 4.0, 5.0 and 5.1 allows remote attackers to execute arbitrary script as other users via an HTTP error page.
Max CVSS
7.5
EPSS Score
40.36%
Published
2002-04-22
Updated
2020-11-23
Cross-site scripting vulnerability in analog before 5.22 allows remote attackers to execute Javascript via an HTTP request containing the script, which is entered into a web logfile and not properly filtered by analog during display.
Max CVSS
7.5
EPSS Score
1.85%
Published
2002-04-22
Updated
2008-09-11
Cross-site scripting vulnerability in status.php3 for IMP 2.2.8 and HORDE 1.2.7 allows remote attackers to execute arbitrary web script and steal cookies of other IMP/HORDE users via the script parameter.
Max CVSS
7.5
EPSS Score
1.60%
Published
2002-04-22
Updated
2016-10-18
Cross-site scripting vulnerability in the SQLXML component of Microsoft SQL Server 2000 allows an attacker to execute arbitrary script via the root parameter as part of an XML SQL query, aka "Script Injection via XML Tag."
Max CVSS
7.5
EPSS Score
0.61%
Published
2002-07-03
Updated
2018-10-12
Cross-site scripting vulnerability in Internet Explorer 6.0 allows remote attackers to execute scripts in the Local Computer zone via a URL that exploits a local HTML resource file, aka the "Cross-Site Scripting in Local HTML Resource" vulnerability.
Max CVSS
7.5
EPSS Score
17.84%
Published
2002-05-29
Updated
2021-07-23
Cross-site scripting (CSS) vulnerability in error.asp for Plumtree Corporate Portal 3.5 through 4.5 allows remote attackers to execute arbitrary script on other clients via the "Description" parameter.
Max CVSS
7.5
EPSS Score
0.76%
Published
2002-05-16
Updated
2016-10-18
Cross-site scripting (CSS) vulnerabilities in the Private Message System for XOOPS 1.0 RC1 allow remote attackers to execute Javascript on other web clients via (1) the Title field or a Private Message Box or (2) the image field parameter in pmlite.php.
Max CVSS
7.5
EPSS Score
1.44%
Published
2002-05-16
Updated
2008-09-11
Cross-site scripting vulnerability in fom.cgi of Faq-O-Matic 2.712 allows remote attackers to execute arbitrary Javascript on other clients via the cmd parameter, which causes the script to be inserted into an error message.
Max CVSS
5.0
EPSS Score
1.60%
Published
2002-05-16
Updated
2016-10-18
Cross-site scripting vulnerability in web administration interface for NetGear RT314 and RT311 Gateway Routers allows remote attackers to execute arbitrary script on another client via a URL that contains the script.
Max CVSS
7.5
EPSS Score
0.87%
Published
2002-05-29
Updated
2016-10-18
Cross-site scripting vulnerability in Internet Explorer 6 earlier allows remote attackers to execute arbitrary script via an Extended HTML Form, whose output from the remote server is not properly cleansed.
Max CVSS
7.5
EPSS Score
1.26%
Published
2002-05-29
Updated
2021-07-23
Cross-site scripting vulnerability in Opera 6.0 and earlier allows remote attackers to execute arbitrary script via an Extended HTML Form, whose output from the remote server is not properly cleansed.
Max CVSS
7.5
EPSS Score
0.73%
Published
2002-05-29
Updated
2016-10-18
Cross-site scripting vulnerability in auction.pl of MakeBid Auction Deluxe 3.30 allows remote attackers to obtain information from other users via the form fields (1) TITLE, (2) DESCTIT, (3) DESC, (4) searchstring, (5) ALIAS, (6) EMAIL, (7) ADDRESS1, (8) ADDRESS2, (9) ADDRESS3, (10) PHONE1, (11) PHONE2, (12) PHONE3, or (13) PHONE4.
Max CVSS
7.5
EPSS Score
5.87%
Published
2002-05-29
Updated
2016-10-18
Internet Explorer 5.x and 6 interprets an object as an HTML document even when its MIME Content-Type is text/plain, which could allow remote attackers to execute arbitrary script in documents that the user does not expect, possibly through web applications that use a text/plain type to prevent cross-site scripting attacks.
Max CVSS
7.5
EPSS Score
1.19%
Published
2002-05-29
Updated
2021-07-23
Opera, when configured with the "Determine action by MIME type" option disabled, interprets an object as an HTML document even when its MIME Content-Type is text/plain, which could allow remote attackers to execute arbitrary script in documents that the user does not expect, possibly through web applications that use a text/plain type to prevent cross-site scripting attacks.
Max CVSS
4.3
EPSS Score
0.11%
Published
2002-05-29
Updated
2016-10-18
Cross-site scripting vulnerability in DCP-Portal 4.2 and earlier allows remote attackers to gain privileges of other portal users by providing Javascript in the job information field to user_update.php.
Max CVSS
5.1
EPSS Score
0.74%
Published
2002-05-31
Updated
2017-07-11
Cross-site scripting vulnerability in Slash before 2.2.5, as used in Slashcode and elsewhere, allows remote attackers to steal cookies and authentication information from other users via Javascript in a URL, possibly in the formkey field.
Max CVSS
2.6
EPSS Score
0.54%
Published
2002-05-31
Updated
2016-10-18
Cross-site scripting vulnerability in eXtreme message board (XMB) 1.6x and earlier allows remote attackers to execute script as other XMB users by inserting the script into an IMG tag.
Max CVSS
7.5
EPSS Score
2.76%
Published
2002-06-25
Updated
2021-04-29
Cross-site scripting vulnerability in edituser.php for pforum 1.14 and earlier allows remote attackers to execute script and steal cookies from other users via Javascript in a username.
Max CVSS
7.5
EPSS Score
3.34%
Published
2002-06-25
Updated
2016-10-18
Cross-site scripting vulnerability in BadBlue before 1.6.1 beta allows remote attackers to execute arbitrary script and possibly additional commands via a URL that contains Javascript.
Max CVSS
7.5
EPSS Score
0.61%
Published
2002-06-25
Updated
2016-10-18
Cross-site scripting vulnerability in Ikonboard 3.0.1 allows remote attackers to execute arbitrary script as other Ikonboard users and steal cookies via Javascript in an IMG tag.
Max CVSS
7.5
EPSS Score
2.75%
Published
2002-06-25
Updated
2016-10-18
Cross-site scripting vulnerability in Snitz Forums 2000 3.3.03 and earlier allows remote attackers to execute arbitrary script as other Forums 2000 users via Javascript in an IMG tag.
Max CVSS
7.5
EPSS Score
11.50%
Published
2002-06-25
Updated
2016-10-18
200 vulnerabilities found
1 2 3 4 5 6 7 8
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!