CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In 2002(Cross Site Scripting (XSS))

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2002-0074 XSS 2002-04-22 2020-11-23
7.5
None Remote Low Not required Partial Partial Partial
Cross-site scripting vulnerability in Help File search facility for Internet Information Server (IIS) 4.0, 5.0 and 5.1 allows remote attackers to embed scripts into another user's session.
2 CVE-2002-0075 XSS 2002-04-22 2020-11-23
7.5
None Remote Low Not required Partial Partial Partial
Cross-site scripting vulnerability for Internet Information Server (IIS) 4.0, 5.0 and 5.1 allows remote attackers to execute arbitrary script as other web users via the error message used in a URL redirect (""302 Object Moved") message.
3 CVE-2002-0117 Exec Code XSS 2002-03-25 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Cross-site scripting vulnerability in Yet Another Bulletin Board (YaBB) 1 Gold SP 1 and earlier allows remote attackers to execute arbitrary script and steal cookies via a message containing encoded Javascript in an IMG tag.
4 CVE-2002-0118 Exec Code XSS 2002-03-25 2008-11-04
7.5
None Remote Low Not required Partial Partial Partial
Cross-site scripting vulnerability in Infopop Ultimate Bulletin Board (UBB) 6.2.0 Beta Release 1.0 allows remote attackers to execute arbitrary script and steal cookies via a message containing encoded Javascript in an IMG tag.
5 CVE-2002-0148 XSS 2002-04-22 2020-11-23
7.5
None Remote Low Not required Partial Partial Partial
Cross-site scripting vulnerability in Internet Information Server (IIS) 4.0, 5.0 and 5.1 allows remote attackers to execute arbitrary script as other users via an HTTP error page.
6 CVE-2002-0166 XSS 2002-04-22 2008-09-11
7.5
None Remote Low Not required Partial Partial Partial
Cross-site scripting vulnerability in analog before 5.22 allows remote attackers to execute Javascript via an HTTP request containing the script, which is entered into a web logfile and not properly filtered by analog during display.
7 CVE-2002-0181 XSS 2002-04-22 2016-10-18
7.5
None Remote Low Not required Partial Partial Partial
Cross-site scripting vulnerability in status.php3 for IMP 2.2.8 and HORDE 1.2.7 allows remote attackers to execute arbitrary web script and steal cookies of other IMP/HORDE users via the script parameter.
8 CVE-2002-0187 Sql XSS 2002-07-03 2018-10-12
7.5
None Remote Low Not required Partial Partial Partial
Cross-site scripting vulnerability in the SQLXML component of Microsoft SQL Server 2000 allows an attacker to execute arbitrary script via the root parameter as part of an XML SQL query, aka "Script Injection via XML Tag."
9 CVE-2002-0189 XSS 2002-05-29 2021-07-23
7.5
None Remote Low Not required Partial Partial Partial
Cross-site scripting vulnerability in Internet Explorer 6.0 allows remote attackers to execute scripts in the Local Computer zone via a URL that exploits a local HTML resource file, aka the "Cross-Site Scripting in Local HTML Resource" vulnerability.
10 CVE-2002-0205 XSS 2002-05-16 2016-10-18
7.5
None Remote Low Not required Partial Partial Partial
Cross-site scripting (CSS) vulnerability in error.asp for Plumtree Corporate Portal 3.5 through 4.5 allows remote attackers to execute arbitrary script on other clients via the "Description" parameter.
11 CVE-2002-0217 XSS 2002-05-16 2008-09-11
7.5
None Remote Low Not required Partial Partial Partial
Cross-site scripting (CSS) vulnerabilities in the Private Message System for XOOPS 1.0 RC1 allow remote attackers to execute Javascript on other web clients via (1) the Title field or a Private Message Box or (2) the image field parameter in pmlite.php.
12 CVE-2002-0230 XSS 2002-05-16 2016-10-18
5.0
None Remote Low Not required None Partial None
Cross-site scripting vulnerability in fom.cgi of Faq-O-Matic 2.712 allows remote attackers to execute arbitrary Javascript on other clients via the cmd parameter, which causes the script to be inserted into an error message.
13 CVE-2002-0238 XSS 2002-05-29 2016-10-18
7.5
None Remote Low Not required Partial Partial Partial
Cross-site scripting vulnerability in web administration interface for NetGear RT314 and RT311 Gateway Routers allows remote attackers to execute arbitrary script on another client via a URL that contains the script.
14 CVE-2002-0242 XSS 2002-05-29 2021-07-23
7.5
None Remote Low Not required Partial Partial Partial
Cross-site scripting vulnerability in Internet Explorer 6 earlier allows remote attackers to execute arbitrary script via an Extended HTML Form, whose output from the remote server is not properly cleansed.
15 CVE-2002-0243 XSS 2002-05-29 2016-10-18
7.5
None Remote Low Not required Partial Partial Partial
Cross-site scripting vulnerability in Opera 6.0 and earlier allows remote attackers to execute arbitrary script via an Extended HTML Form, whose output from the remote server is not properly cleansed.
16 CVE-2002-0257 XSS +Info 2002-05-29 2016-10-18
7.5
None Remote Low Not required Partial Partial Partial
Cross-site scripting vulnerability in auction.pl of MakeBid Auction Deluxe 3.30 allows remote attackers to obtain information from other users via the form fields (1) TITLE, (2) DESCTIT, (3) DESC, (4) searchstring, (5) ALIAS, (6) EMAIL, (7) ADDRESS1, (8) ADDRESS2, (9) ADDRESS3, (10) PHONE1, (11) PHONE2, (12) PHONE3, or (13) PHONE4.
17 CVE-2002-0269 XSS 2002-05-29 2021-07-23
7.5
None Remote Low Not required Partial Partial Partial
Internet Explorer 5.x and 6 interprets an object as an HTML document even when its MIME Content-Type is text/plain, which could allow remote attackers to execute arbitrary script in documents that the user does not expect, possibly through web applications that use a text/plain type to prevent cross-site scripting attacks.
18 CVE-2002-0270 79 XSS 2002-05-29 2016-10-18
4.3
None Remote Medium Not required None Partial None
Opera, when configured with the "Determine action by MIME type" option disabled, interprets an object as an HTML document even when its MIME Content-Type is text/plain, which could allow remote attackers to execute arbitrary script in documents that the user does not expect, possibly through web applications that use a text/plain type to prevent cross-site scripting attacks.
19 CVE-2002-0281 +Priv XSS 2002-05-31 2017-07-11
5.1
None Remote High Not required Partial Partial Partial
Cross-site scripting vulnerability in DCP-Portal 4.2 and earlier allows remote attackers to gain privileges of other portal users by providing Javascript in the job information field to user_update.php.
20 CVE-2002-0292 XSS 2002-05-31 2016-10-18
2.6
None Remote High Not required Partial None None
Cross-site scripting vulnerability in Slash before 2.2.5, as used in Slashcode and elsewhere, allows remote attackers to steal cookies and authentication information from other users via Javascript in a URL, possibly in the formkey field.
21 CVE-2002-0316 XSS 2002-06-25 2021-04-29
7.5
None Remote Low Not required Partial Partial Partial
Cross-site scripting vulnerability in eXtreme message board (XMB) 1.6x and earlier allows remote attackers to execute script as other XMB users by inserting the script into an IMG tag.
22 CVE-2002-0319 XSS 2002-06-25 2016-10-18
7.5
None Remote Low Not required Partial Partial Partial
Cross-site scripting vulnerability in edituser.php for pforum 1.14 and earlier allows remote attackers to execute script and steal cookies from other users via Javascript in a username.
23 CVE-2002-0326 Exec Code XSS 2002-06-25 2016-10-18
7.5
None Remote Low Not required Partial Partial Partial
Cross-site scripting vulnerability in BadBlue before 1.6.1 beta allows remote attackers to execute arbitrary script and possibly additional commands via a URL that contains Javascript.
24 CVE-2002-0328 XSS 2002-06-25 2016-10-18
7.5
None Remote Low Not required Partial Partial Partial
Cross-site scripting vulnerability in Ikonboard 3.0.1 allows remote attackers to execute arbitrary script as other Ikonboard users and steal cookies via Javascript in an IMG tag.
25 CVE-2002-0329 XSS 2002-06-25 2016-10-18
7.5
None Remote Low Not required Partial Partial Partial
Cross-site scripting vulnerability in Snitz Forums 2000 3.3.03 and earlier allows remote attackers to execute arbitrary script as other Forums 2000 users via Javascript in an IMG tag.
26 CVE-2002-0330 Exec Code XSS 2002-06-25 2016-10-18
7.5
None Remote Low Not required Partial Partial Partial
Cross-site scripting vulnerability in codeparse.php of Open Bulletin Board (OpenBB) 1.0.0 allows remote attackers to execute arbitrary script and steal cookies via Javascript in the IMG tag.
27 CVE-2002-0346 XSS 2002-06-25 2016-10-18
7.5
None Remote Low Not required Partial Partial Partial
Cross-site scripting vulnerability in Cobalt RAQ 4 allows remote attackers to execute arbitrary script as other Cobalt users via Javascript in a URL to (1) service.cgi or (2) alert.cgi.
28 CVE-2002-0375 XSS 2002-05-29 2017-07-11
5.0
None Remote Low Not required None Partial None
Cross-site scripting vulnerability in sgdynamo.exe for Sgdynamo allows remote attackers to execute arbitrary Javascript via a URL with the script in the HTNAME parameter.
29 CVE-2002-0388 XSS 2002-06-18 2009-07-21
7.5
None Remote Low Not required Partial Partial Partial
Cross-site scripting vulnerabilities in Mailman before 2.0.11 allow remote attackers to execute script via (1) the admin login page, or (2) the Pipermail index summaries.
30 CVE-2002-0411 XSS 2002-08-12 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Cross-site scripting vulnerability in message.php for AeroMail before 1.45 allows remote attackers to execute Javascript as an AeroMail user via an email message with the script in the Subject line.
31 CVE-2002-0413 XSS 2002-08-12 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Cross-site scripting vulnerability in ReBB allows remote attackers to execute arbitrary Javascript and steal cookies via an IMG tag whose URL includes the malicious script.
32 CVE-2002-0439 XSS 2002-07-26 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Cross-site scripting vulnerability in CaupoShop 1.30a and earlier, and possibly CaupoShopPro, allows remote attackers to execute arbitrary Javascript and steal credit card numbers or delete items by injecting the script into new customer information fields such as the message field.
33 CVE-2002-0457 Exec Code XSS 2002-08-12 2008-09-05
7.6
None Remote High Not required Complete Complete Complete
Cross-site scripting vulnerability in signgbook.php for BG GuestBook 1.0 allows remote attackers to execute arbitrary Javascript via encoded tags such as <, >, and & in fields such as (1) name, (2) email, (3) AIM screen name, (4) website, (5) location, or (6) message.
34 CVE-2002-0458 XSS 2002-08-12 2008-09-05
7.6
None Remote High Not required Complete Complete Complete
Cross-site scripting vulnerability in News-TNK 1.2.1 and earlier allows remote attackers to execute arbitrary Javascript via the WEB parameter.
35 CVE-2002-0459 XSS 2002-08-12 2008-09-05
7.6
None Remote High Not required Complete Complete Complete
Cross-site scripting vulnerability in Board-TNK 1.3.1 and earlier allows remote attackers to execute arbitrary Javascript via the WEB parameter.
36 CVE-2002-0474 XSS 2002-08-12 2008-09-05
5.1
None Remote High Not required Partial Partial Partial
Cross-site scripting vulnerability in ZeroForum allows remote attackers to execute arbitrary Javascript on web clients by embedding the script within IMG image tag.
37 CVE-2002-0475 XSS 2002-08-12 2008-09-05
5.1
None Remote High Not required Partial Partial Partial
Cross-site scripting vulnerability in phpBB 1.4.4 and earlier allows remote attackers to execute arbitrary Javascript on web clients by embedding the script within an IMG image tag while editing a message.
38 CVE-2002-0494 XSS 2002-08-12 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Cross-site scripting vulnerability in WebSight Directory System 0.1 allows remote attackers to execute arbitrary Javascript and gain access to the WebSight administrator via a new link submission containing the script in a website name.
39 CVE-2002-0504 XSS 2002-08-12 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Cross-site scripting vulnerability in Citrix NFuse 1.6 and earlier does not quote results from the getLastError method, which allows remote attackers to execute script in other clients via the NFuse_Application parameter to (1) launch.jsp or (2) launch.asp.
40 CVE-2002-0520 XSS 2002-08-12 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Cross-site scripting vulnerability in functions-inc.asp for ASP-Nuke RC1 allows remote attackers to execute script as other ASP-Nuke users by embedding it within an IMG tag.
41 CVE-2002-0521 +Priv XSS 2002-08-12 2008-09-05
5.1
None Remote High Not required Partial Partial Partial
Cross-site scripting vulnerabilities in ASP-Nuke RC2 and earlier allow remote attackers to execute script or gain privileges as other ASP-Nuke users via script in (1) the name parameter in downloads.asp, (2) the message parameter in Post.asp, or (3) a web site URL in profile.asp.
42 CVE-2002-0530 XSS 2002-08-12 2008-09-10
5.1
None Remote High Not required Partial Partial Partial
Cross-site scripting vulnerability in Novell Web Search 2.0.1 allows remote attackers to execute arbitrary script as other Web Search users via the search parameter.
43 CVE-2002-0535 Exec Code XSS 2002-07-03 2017-07-11
5.0
None Remote Low Not required None Partial None
Cross-site scripting vulnerabilities in PostBoard 2.0.1 and earlier allows remote attackers to execute script as other users via (1) an [IMG] tag when BBCode is enabled, or (2) in a topic title.
44 CVE-2002-0546 XSS 2002-07-03 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Cross-site scripting vulnerability in the mini-browser for Winamp 2.78 and 2.79 allows remote attackers to execute script via an ID3v1 or ID3v2 tag in an MP3 file.
45 CVE-2002-0549 XSS 2002-07-03 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Cross-site scripting vulnerabilities in Anthill allow remote attackers to execute script as other Anthill users.
46 CVE-2002-0551 Exec Code XSS 2002-07-03 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Cross-site scripting vulnerability in Dynamic Guestbook 3.0 allows remote attackers to execute code in clients who access guestbook pages via the parameters (1) name, (2) mail, or (3) kommentar.
47 CVE-2002-0553 +Priv XSS 2002-07-03 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Cross-site scripting vulnerability in SunShop 2.5 and earlier allows remote attackers to gain administrative privileges to SunShop by injecting the script into fields during new customer registration.
48 CVE-2002-0590 XSS 2002-06-18 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Cross-site scripting (CSS) vulnerability in IcrediBB 1.1 Beta allows remote attackers to execute arbitrary script and steal cookies as other IcrediBB users via the (1) title or (2) body of posts.
49 CVE-2002-0681 XSS 2002-07-23 2017-12-20
7.5
None Remote Low Not required Partial Partial Partial
Cross-site scripting vulnerability in GoAhead Web Server 2.1 allows remote attackers to execute script as other web users via script in a URL that generates a "404 not found" message, which does not quote the script.
50 CVE-2002-0682 XSS 2002-07-23 2019-03-25
7.5
None Remote Low Not required Partial Partial Partial
Cross-site scripting vulnerability in Apache Tomcat 4.0.3 allows remote attackers to execute script as other web users via script in a URL with the /servlet/ mapping, which does not filter the script when an exception is thrown by the servlet.
Total number of vulnerabilities : 200   Page : 1 (This Page)2 3 4
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.