CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In August 2002(Cross Site Scripting (XSS))

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2002-1453 XSS 2002-08-14 2016-10-18
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in MyWebServer 1.0.2 allows remote attackers to insert script and HTML via a long request followed by the malicious script, which is echoed back to the user in an error message.
2 CVE-2002-1445 XSS 2002-08-12 2008-09-05
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in CERN Proxy Server allows remote attackers to execute script as other users via a link to a non-existent page whose name contains the script, which is inserted into the resulting error page.
3 CVE-2002-0807 XSS 2002-08-12 2008-09-10
7.5
None Remote Low Not required Partial Partial Partial
Cross-site scripting vulnerabilities in Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, could allow remote attackers to execute script as other Bugzilla users via the full name (real name) field, which is not properly quoted by editusers.cgi.
4 CVE-2002-0787 XSS 2002-08-12 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Cross-site scripting vulnerabilities in iCon administrative web server for Critical Path inJoin Directory Server 4.0 allow remote attackers to execute script as the administrator via administrator URLs with modified (1) LOCID or (2) OC parameters.
5 CVE-2002-0771 XSS 2002-08-12 2016-11-19
6.4
None Remote Low Not required Partial Partial None
Cross-site scripting vulnerability in viewcvs.cgi for ViewCVS 0.9.2 allows remote attackers to inject script and steal cookies via the (1) cvsroot or (2) sortby parameters.
6 CVE-2002-0756 XSS 2002-08-12 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Cross-site scripting vulnerability in the authentication page for (1) Webmin 0.96 and (2) Usermin 0.90 allows remote attackers to insert script into an error page and possibly steal cookies.
7 CVE-2002-0739 XSS 2002-08-12 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Cross-site scripting in PostCalendar 3.02 allows remote attackers to insert arbitrary HTML and script, and steal cookies, by modifying a calendar entry in its preview page.
8 CVE-2002-0733 XSS 2002-08-12 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Cross-site scripting vulnerability in thttpd 2.20 and earlier allows remote attackers to execute arbitrary script via a URL to a nonexistent page, which causes thttpd to insert the script into a 404 error message.
9 CVE-2002-0732 XSS 2002-08-12 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Cross-site scripting vulnerability in MyGuestbook 1.0 allows remote attackers to execute arbitrary script or inject HTML via fields such as (1) user name or (2) comments.
10 CVE-2002-0731 XSS 2002-08-12 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Cross-site scripting vulnerability in demonstration scripts for vqServer allows remote attackers to execute arbitrary script via a link that contains the script in arguments to demo scripts such as respond.pl.
11 CVE-2002-0730 XSS 2002-08-12 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Cross-site scripting vulnerability in guestbook.pl for Philip Chinery's Guestbook 1.1 allows remote attackers to execute Javascript or HTML via fields such as (1) Name, (2) EMail, or (3) Homepage.
12 CVE-2002-0530 XSS 2002-08-12 2008-09-10
5.1
None Remote High Not required Partial Partial Partial
Cross-site scripting vulnerability in Novell Web Search 2.0.1 allows remote attackers to execute arbitrary script as other Web Search users via the search parameter.
13 CVE-2002-0521 +Priv XSS 2002-08-12 2008-09-05
5.1
None Remote High Not required Partial Partial Partial
Cross-site scripting vulnerabilities in ASP-Nuke RC2 and earlier allow remote attackers to execute script or gain privileges as other ASP-Nuke users via script in (1) the name parameter in downloads.asp, (2) the message parameter in Post.asp, or (3) a web site URL in profile.asp.
14 CVE-2002-0520 XSS 2002-08-12 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Cross-site scripting vulnerability in functions-inc.asp for ASP-Nuke RC1 allows remote attackers to execute script as other ASP-Nuke users by embedding it within an IMG tag.
15 CVE-2002-0504 XSS 2002-08-12 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Cross-site scripting vulnerability in Citrix NFuse 1.6 and earlier does not quote results from the getLastError method, which allows remote attackers to execute script in other clients via the NFuse_Application parameter to (1) launch.jsp or (2) launch.asp.
16 CVE-2002-0494 XSS 2002-08-12 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Cross-site scripting vulnerability in WebSight Directory System 0.1 allows remote attackers to execute arbitrary Javascript and gain access to the WebSight administrator via a new link submission containing the script in a website name.
17 CVE-2002-0475 XSS 2002-08-12 2008-09-05
5.1
None Remote High Not required Partial Partial Partial
Cross-site scripting vulnerability in phpBB 1.4.4 and earlier allows remote attackers to execute arbitrary Javascript on web clients by embedding the script within an IMG image tag while editing a message.
18 CVE-2002-0474 XSS 2002-08-12 2008-09-05
5.1
None Remote High Not required Partial Partial Partial
Cross-site scripting vulnerability in ZeroForum allows remote attackers to execute arbitrary Javascript on web clients by embedding the script within IMG image tag.
19 CVE-2002-0459 XSS 2002-08-12 2008-09-05
7.6
None Remote High Not required Complete Complete Complete
Cross-site scripting vulnerability in Board-TNK 1.3.1 and earlier allows remote attackers to execute arbitrary Javascript via the WEB parameter.
20 CVE-2002-0458 XSS 2002-08-12 2008-09-05
7.6
None Remote High Not required Complete Complete Complete
Cross-site scripting vulnerability in News-TNK 1.2.1 and earlier allows remote attackers to execute arbitrary Javascript via the WEB parameter.
21 CVE-2002-0457 Exec Code XSS 2002-08-12 2008-09-05
7.6
None Remote High Not required Complete Complete Complete
Cross-site scripting vulnerability in signgbook.php for BG GuestBook 1.0 allows remote attackers to execute arbitrary Javascript via encoded tags such as <, >, and & in fields such as (1) name, (2) email, (3) AIM screen name, (4) website, (5) location, or (6) message.
22 CVE-2002-0413 XSS 2002-08-12 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Cross-site scripting vulnerability in ReBB allows remote attackers to execute arbitrary Javascript and steal cookies via an IMG tag whose URL includes the malicious script.
23 CVE-2002-0411 XSS 2002-08-12 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Cross-site scripting vulnerability in message.php for AeroMail before 1.45 allows remote attackers to execute Javascript as an AeroMail user via an email message with the script in the Subject line.
Total number of vulnerabilities : 23   Page : 1 (This Page)
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.