CVE Daily
← All tags

Tag: Cross-site Scripting (XSS)

All CVEs associated with "Cross-site Scripting (XSS)". Page 394/397 • 47635 CVEs.

Subscribe CVEs: RSS for “Cross-site Scripting (XSS)”  ·  RSS (High+Critical only)

About “Cross-site Scripting (XSS)”

A curated feed of “Cross-site Scripting (XSS)”-related CVEs appears below. We currently track 47635 CVEs for this tag (all time). In the last 365 days, 7586 were published. Average CVSS is 5.6 (all time; 5.9 over 365d), and 11% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'), CWE-352 - Cross-Site Request Forgery (CSRF), CWE-80 - Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS).

In our taxonomy this topic maps to a MODERATE impact class. Common exploitation patterns for this weakness can lead to moderate. Use the filters to triage high risk first and validate exposure in your environment. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.

CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).

CVSS ≥ 0.0
2004-11-23
Medium

CVE-2004-0305

Cross-site scripting (XSS) vulnerability in error.asp in WebCortex WebStores 2000 6.0 allows remote attackers to execute arbitrary script as other users and steal session IDs via the Message_id param…

CVSS: 6.8 CWE: N/A View on NVD
Medium

CVE-2004-0310

Cross-site scripting (XSS) vulnerability in LiveJournal 1.0 and 1.1 allows remote attackers to execute Javascript as other users via the stylesheet, which does not strip the semicolon or parentheses,…

CVSS: 6.8 CWE: N/A View on NVD
Medium

CVE-2004-0314

Cross-site scripting (XSS) vulnerability in done.jsp in WebzEdit 1.9 and earlier allows remote attackers to execute arbitrary script as other users via the message parameter.

CVSS: 4.3 CWE: N/A View on NVD
Medium

CVE-2004-0319

Cross-site scripting (XSS) vulnerability in the font tag in ezBoard 7.3u allows remote attackers to execute arbitrary script as other users, as demonstrated using the background:url in a (1) font col…

CVSS: 6.8 CWE: N/A View on NVD
Medium

CVE-2004-0337

Cross-site scripting (XSS) vulnerability in LAN SUITE Web Mail 602Pro allows remote attackers to execute arbitrary script or HTML as other users via a URL to index.html, followed by a / (slash) and t…

CVSS: 6.8 CWE: N/A View on NVD
Medium

CVE-2004-0339

Cross-site scripting (XSS) vulnerability in ViewTopic.php in phpBB, possibly 2.0.6c and earlier, allows remote attackers to execute arbitrary script or HTML as other users via the postorder parameter.

CVSS: 6.8 CWE: N/A View on NVD
Medium

CVE-2004-0347

Cross-site scripting (XSS) vulnerability in delhomepage.cgi in NetScreen-SA 5000 Series running firmware 3.3 Patch 1 (build 4797) allows remote authenticated users to execute arbitrary script as othe…

CVSS: 6.0 CWE: N/A View on NVD
Medium

CVE-2004-0358

Cross-site scripting (XSS) vulnerability in VirtuaNews Admin Panel Pro 1.0.3 allows remote attackers to execute arbitrary script as other users via (1) the mainnews parameter in admin.php, (2) the ex…

CVSS: 6.8 CWE: N/A View on NVD
Medium

CVE-2004-0359

Cross-site scripting (XSS) vulnerability in index.php for Invision Power Board 1.3 final allows remote attackers to execute arbitrary script as other users via the (1) c, (2) f, (3) showtopic, (4) sh…

CVSS: 6.8 CWE: N/A View on NVD
2004-10-25
Medium

CVE-2004-1630

Cross-site scripting (XSS) vulnerability in the login form in Open WorkFlow Engine (OpenWFE) 1.4.x allows remote attackers to execute arbitrary web script or HTML via the url parameter.

CVSS: 4.3 CWE: N/A View on NVD
Medium

CVE-2004-1632

Cross-site scripting (XSS) vulnerability in wiki.php in MoniWiki 1.0.8 and earlier allows remote attackers to inject arbitrary web script or HTML via the arguments to wiki.php.

CVSS: 4.3 CWE: N/A View on NVD
2004-10-20
Medium

CVE-2004-0781

Cross-site scripting (XSS) vulnerability in list.cgi in the Icecast internal web server (icecast-server) 1.3.12 and earlier allows remote attackers to inject arbitrary web script via the UserAgent pa…

CVSS: 4.3 CWE: N/A View on NVD
Medium

CVE-2004-0787

Cross-site scripting (XSS) vulnerability in the web frontend in OpenCA 0.9.1-8 and earlier, and 0.9.2 RC6 and earlier, allows remote attackers to inject arbitrary web script or HTML via the form inpu…

CVSS: 4.3 CWE: N/A View on NVD
2004-10-18
Medium

CVE-2004-1621

NOTE: this issue has been disputed by the vendor. Cross-site scripting (XSS) vulnerability in IBM Lotus Notes R6 and Domino R6, and possibly earlier versions, allows remote attackers to execute arbi…

CVSS: 4.3 CWE: N/A View on NVD
2004-10-16
Medium

CVE-2004-1599

Cross-site scripting (XSS) vulnerability in index.php in CoolPHP 1.0-stable allows remote attackers to execute arbitrary web script or HTML via the (1) query or (2) nick parameters.

CVSS: 4.3 CWE: N/A View on NVD
2004-10-14
Medium

CVE-2004-1700

Cross-site scripting (XSS) vulnerability in SettingsBase.php in Pinnacle ShowCenter 1.51 build 121 allows remote attackers to inject arbitrary HTML or web script via the Skin parameter, which is echo…

CVSS: 4.3 CWE: N/A View on NVD
2004-10-13
Medium

CVE-2004-1594

Cross-site scripting (XSS) vulnerability in FuseTalk 4.0 allows remote attackers to execute arbitrary web script via an img src tag.

CVSS: 4.3 CWE: N/A View on NVD
2004-09-18
Medium

CVE-2004-1690

Cross-site scripting (XSS) vulnerability in the Web Server in DNS4Me 3.0.0.4 allows remote attackers to execute arbitrary web script or HTML via the URL.

CVSS: 4.3 CWE: N/A View on NVD
Medium

CVE-2004-1692

Cross-site scripting (XSS) vulnerability in index.php in Mambo 4.5 (1.0.9) allows remote attackers to inject arbitrary web script or HTML via the (1) Itemid, (2) mosmsg, or (3) limit parameters.

CVSS: 4.3 CWE: N/A View on NVD
2004-09-17
Medium

CVE-2004-0534

Cross-site scripting (XSS) vulnerability in Business Objects InfoView 5.1.4 through 5.1.8 for WebIntelligence 2.7.0 through 2.7.4 allows remote attackers to inject arbitrary web script or HTML via do…

CVSS: 4.3 CWE: N/A View on NVD
2004-09-10
Medium

CVE-2004-1669

Cross-site scripting (XSS) vulnerability in MERAK Mail Server 7.4.5 with Icewarp Web Mail 5.2.7 and possibly other versions allows remote attackers to execute arbitrary web script or HTML via the (1)…

CVSS: 4.3 CWE: N/A View on NVD
2004-09-05
Medium

CVE-2004-1665

Cross-site scripting (XSS) vulnerability in index.php in PsNews 1.1 allows remote attackers to inject arbitrary web script or HTML via the no parameter.

CVSS: 4.3 CWE: N/A View on NVD
2004-09-02
Medium

CVE-2004-1659

Cross-site scripting (XSS) vulnerability in index.php in CuteNews 1.3.6 and earlier allows remote attackers with Administrator, Editor, Journalist or Commenter privileges to inject arbitrary web scri…

CVSS: 4.3 CWE: N/A View on NVD
2004-09-01
Medium

CVE-2004-1655

Cross-site scripting (XSS) vulnerability in phpWebsite 0.9.3-4 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) CM_pid parameter in the comments module or (2) th…

CVSS: 4.3 CWE: N/A View on NVD
Medium

CVE-2004-1657

Cross-site scripting (XSS) vulnerability in the Activity and Events Viewer for Newtelligence DasBlog allows remote attackers to inject arbitrary web script or HTML via the (1) User Agent or (2) Refer…

CVSS: 4.3 CWE: N/A View on NVD
2004-08-31
Medium

CVE-2004-1648

Cross-site scripting (XSS) vulnerability in (1) index.asp, (2) ChangePassword.asp, (3) users_list.asp, (4) and users_add.asp in Password Protect allows remote attackers to inject arbitrary web script…

CVSS: 4.3 CWE: N/A View on NVD
Medium

CVE-2004-1651

Multiple cross-site scripting (XSS) vulnerabilities in the registration page in phpScheduleIt 1.0.0 RC1 allow remote attackers to inject arbitrary web script or HTML via the (1) Name or (2) Lastname…

CVSS: 4.3 CWE: N/A View on NVD
2004-08-30
Medium

CVE-2004-1645

Cross-site scripting (XSS) vulnerability in Xedus 1.0 allows remote attackers to execute arbitrary web script or HTML via the (1) username parameter to test.x, (2) username parameter to TestServer.x,…

CVSS: 4.3 CWE: N/A View on NVD
2004-08-28
Medium

CVE-2004-1640

Multiple cross-site scripting (XSS) vulnerabilities in XOOPS 0.94 and 1.0 allow remote attackers to execute arbitrary web script and HTML via the (1) terme parameter to search.php or (2) letter param…

CVSS: 4.3 CWE: N/A View on NVD
2004-08-21
Medium

CVE-2004-1735

Cross-site scripting (XSS) vulnerability in the create list option in Sympa 4.1.x and earlier allows remote authenticated users to inject arbitrary web script or HTML via the description field.

CVSS: 4.3 CWE: N/A View on NVD
2004-08-20
Medium

CVE-2004-1729

Cross-site scripting (XSS) vulnerability in Nihuo Web Log Analyzer 1.6 allows remote attackers to inject arbitrary web script or HTML via the User-Agent HTTP header.

CVSS: 4.3 CWE: N/A View on NVD
2004-08-18
Medium

CVE-2004-0519

Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail 1.4.2 allow remote attackers to execute arbitrary script as other users and possibly steal authentication information via multiple…

CVSS: 6.8 CWE: N/A View on NVD
Medium

CVE-2004-0520

Cross-site scripting (XSS) vulnerability in mime.php for SquirrelMail before 1.4.3 allows remote attackers to insert arbitrary HTML and script via the content-type mail header, as demonstrated using…

CVSS: 6.8 CWE: N/A View on NVD
2004-08-17
Medium

CVE-2004-1719

Multiple cross-site scripting (XSS) vulnerabilities in Merak Webmail Server 5.2.7 allow remote attackers to inject arbitrary web script or HTML via the (1) category, (2) cserver, (3) ext, (4) global,…

CVSS: 4.3 CWE: N/A View on NVD
2004-08-16
Medium

CVE-2004-1716

Cross-site scripting (XSS) vulnerability in PForum before 1.26 allows remote attackers to inject arbitrary web script or HTML via the (1) IRC Server or (2) AIM ID fields in the user profile.

CVSS: 6.8 CWE: N/A View on NVD
2004-08-06
Medium

CVE-2004-0584

Unknown vulnerability in Horde IMP 3.2.3 and earlier, before a "security fix," does not properly validate input, which allows remote attackers to execute arbitrary script as other users via script or…

CVSS: 6.8 CWE: N/A View on NVD
Medium

CVE-2004-0588

Cross-site scripting (XSS) vulnerability in the web mail module for Usermin 1.070 allows remote attackers to insert arbitrary HTML and script via e-mail messages.

CVSS: 6.8 CWE: N/A View on NVD
Medium

CVE-2004-0591

Cross-site scripting (XSS) vulnerability in the print_header_uc function for SqWebMail 4.0.4 and earlier, and possibly 3.x, allows remote attackers to inject arbitrary web script or HRML via (1) e-ma…

CVSS: 6.8 CWE: N/A View on NVD
Medium

CVE-2004-0639

Multiple cross-site scripting (XSS) vulnerabilities in Squirrelmail 1.2.10 and earlier allow remote attackers to inject arbitrary HTML or script via (1) the $mailer variable in read_body.php, (2) the…

CVSS: 6.8 CWE: N/A View on NVD
Medium

CVE-2004-0660

Cross-site scripting (XSS) vulnerability in (1) show_archives.php, (2) show_news.php, and possibly other php files in CuteNews 1.3.1 allows remote attackers to inject arbitrary script or HTML via the…

CVSS: 6.8 CWE: N/A View on NVD
Medium

CVE-2004-0663

Cross-site scripting (XSS) vulnerability in modules.php in PowerPortal 1.x allows remote attackers to inject arbitrary script or HTML via the (1) id parameter to the (a) private_messages module; (2)…

CVSS: 6.8 CWE: N/A View on NVD
Medium

CVE-2004-0672

Multiple cross-site scripting (XSS) vulnerabilities in the primary and management web interfaces in Netegrity IdentityMinder Web Edition 5.6 allows remote attackers to execute script as other users v…

CVSS: 6.8 CWE: N/A View on NVD
Medium

CVE-2004-0673

Cross-site scripting (XSS) vulnerability in SCI Photo Chat Server 3.4.9 allows remote attackers to execute arbitrary web script as other users via an invalid request that is echoed in the resulting e…

CVSS: 6.8 CWE: N/A View on NVD
Medium

CVE-2004-0675

Cross-site scripting (XSS) vulnerability in (1) cart32.exe or (2) c32web.exe in Cart32 shopping cart allows remote attackers to execute arbitrary web script via the cart32 parameter to a GetLatestBui…

CVSS: 6.8 CWE: N/A View on NVD
Medium

CVE-2004-0678

Cross-site scripting (XSS) in one2planet.infolet.InfoServlet in 12Planet Chat Server 2.9 allows remote attackers to execute arbitrary script as other users via the page parameter.

CVSS: 4.3 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
Medium

CVE-2004-0681

Multiple cross-site scripting (XSS) vulnerabilities in (1) comersus_customerAuthenticateForm.asp, (2) comersus_backoffice_message.asp, (3) comersus_supportError.asp, or (4) comersus_message.asp in Co…

CVSS: 6.8 CWE: N/A View on NVD
Medium

CVE-2004-1711

Cross-site scripting (XSS) vulnerability in post.php in Moodle before 1.3 allows remote attackers to inject arbitrary web script or HTML via the reply parameter.

CVSS: 4.3 CWE: N/A View on NVD
Medium

CVE-2004-1712

Cross-site scripting (XSS) vulnerability in TypePad allows remote attackers to inject arbitrary Javascript via the name parameter.

CVSS: 4.3 CWE: N/A View on NVD
2004-07-29
Medium

CVE-2004-2064

Cross-site scripting (XSS) vulnerability in lostBook 1.1 and earlier allows remote attackers to inject arbitrary web script via the (1) Email or (2) Website fields.

CVSS: 4.3 CWE: N/A View on NVD
2004-07-27
Medium

CVE-2004-0595

The strip_tags function in PHP 4.x up to 4.3.7, and 5.x up to 5.0.0RC3, does not filter null (\0) characters within tag names when restricting input to allowed tags, which allows dangerous tags to be…

CVSS: 6.8 CWE: N/A View on NVD
Medium

CVE-2004-0705

Multiple cross-site scripting (XSS) vulnerabilities in (1) editcomponents.cgi, (2) editgroups.cgi, (3) editmilestones.cgi, (4) editproducts.cgi, (5) editusers.cgi, and (6) editversions.cgi in Bugzill…

CVSS: 6.8 CWE: N/A View on NVD
Medium

CVE-2004-0725

Cross-site scripting (XSS) vulnerability in help.php in Moodle 1.3.2 and 1.4 dev allows remote attackers to inject arbitrary web script or HTML via the file parameter.

CVSS: 6.8 CWE: N/A View on NVD
Medium

CVE-2004-0730

Multiple cross-site scripting (XSS) vulnerabilities in PhpBB 2.0.8 allow remote attackers to inject arbitrary web script or HTML via (1) the cat_title parameter in index.php, (2) the faq[0][0] parame…

CVSS: 6.8 CWE: N/A View on NVD
Medium

CVE-2004-0731

Cross-site scripting (XSS) vulnerability in index.php in the Search module for Php-Nuke allows remote attackers to inject arbitrary script as other users via the input field.

CVSS: 6.8 CWE: N/A View on NVD
High

CVE-2004-0737

Multiple cross-site scripting vulnerabilities in index.php in the Search module for Php-Nuke allows remote attackers to inject arbitrary web script or HTML via the (1) sid, (2) max, (3) sel1, (4) sel…

CVSS: 7.5 CWE: N/A View on NVD
2004-07-19
Medium

CVE-2004-2055

Cross-site scripting (XSS) vulnerability in search.php for PhpBB 2.0.4 and 2.0.9 allows remote attackers to inject arbitrary HTMl or web script via the search_author parameter.

CVSS: 4.3 CWE: N/A View on NVD
2004-05-29
Medium

CVE-2004-2038

Cross-site scripting (XSS) vulnerability in Land Down Under (LDU) before LDU 700 allows remote attackers to inject arbitrary web script or HTML via a BBcode img tag in (1) functions.php, (2) header.p…

CVSS: 4.3 CWE: N/A View on NVD
Medium

CVE-2004-2040

Multiple cross-site scripting (XSS) vulnerabilities in e107 0.615 allow remote attackers to inject arbitrary web script or HTML via the (1) LAN_407 parameter to clock_menu.php, (2) "email article to…

CVSS: 4.3 CWE: N/A View on NVD
2004-05-22
Medium

CVE-2004-2030

Multiple cross-site scripting (XSS) vulnerabilities in index.jsp for Liferay before 2.2.0 release 10/1/2004 allow remote attackers to inject arbitrary web script or HTML, as demonstrated using the me…

CVSS: 4.3 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
2004-05-21
Medium

CVE-2004-2028

Cross-site scripting (XSS) vulnerability in stats.php in e107 allows remote attackers to inject arbitrary web script or HTML via the referer parameter to log.php.

CVSS: 4.3 CWE: N/A View on NVD
Medium

CVE-2004-2031

Cross-site scripting (XSS) vulnerability in user.php in e107 allows remote attackers to inject arbitrary web script or HTML via the (1) URL, (2) MSN, or (3) AIM fields.

CVSS: 4.3 CWE: N/A View on NVD
2004-05-08
Medium

CVE-2004-2007

Cross-site scripting (XSS) vulnerability in modules.php in NukeJokes 1.7 and 2 Beta allows remote attackers to inject arbitrary HTML or web script via the (1) cat parameter in a CatView function or (…

CVSS: 4.3 CWE: N/A View on NVD
2004-05-05
Medium

CVE-2004-1996

Cross-site scripting (XSS) vulnerability in Simple Machines Forum (SMF) 1.0 allows remote attackers to inject arbitrary web script via the size tag.

CVSS: 4.3 CWE: N/A View on NVD
Medium

CVE-2004-1999

Cross-site scripting (XSS) vulnerability in the Downloads module in Php-Nuke 6.x through 7.2 allows remote attackers to inject arbitrary HTML and web script via the (1) ttitle or (2) sid parameters t…

CVSS: 4.3 CWE: N/A View on NVD
2004-05-04
Medium

CVE-2004-0379

Multiple cross-site scripting (XSS) vulnerabilities in Microsoft SharePoint Portal Server 2001 allow remote attackers to process arbitrary web content and steal cookies via certain server scripts.

CVSS: 6.8 CWE: N/A View on NVD
2004-04-30
Medium

CVE-2004-1978

Cross-site scripting (XSS) vulnerability in help.php in Moodle before 1.3 allows remote attackers to inject arbitrary HTML and web script via the text parameter.

CVSS: 4.3 CWE: N/A View on NVD
Medium

CVE-2004-1979

Cross-site scripting (XSS) vulnerability in do_search.php in PROPS 0.6.1 allows remote attackers to inject arbitrary HTML or web script via the search_string parameter.

CVSS: 4.3 CWE: N/A View on NVD
Medium

CVE-2004-1985

Cross-site scripting (XSS) vulnerability in menu.inc.php in Coppermine Photo Gallery 1.2.2b allows remote attackers to inject arbitrary HTML or web script via the CPG_URL parameter.

CVSS: 4.3 CWE: N/A View on NVD
2004-04-27
Medium

CVE-2004-1975

Cross-site scripting (XSS) vulnerability in the category module in pafiledb.php for paFileDB 3.1 allows remote attackers to inject arbitrary web script or HTML via the id parameter, a vulnerability t…

CVSS: 4.3 CWE: N/A View on NVD
2004-04-25
Medium

CVE-2004-1965

Multiple cross-site scripting (XSS) vulnerabilities in Open Bulletin Board (OpenBB) 1.0.6 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) redirect parameter to…

CVSS: 4.3 CWE: N/A View on NVD
2004-04-23
Medium

CVE-2004-1964

Cross-site scripting (XSS) vulnerability in nqt.php in Network Query Tool (NQT) 1.6 allows remote attackers to inject arbitrary web script or HTML via the portNum parameter.

CVSS: 4.3 CWE: N/A View on NVD
2004-04-21
Medium

CVE-2004-1954

Cross-site scripting (XSS) vulnerability in modules.php in phProfession 2.5 allows remote attackers to inject arbitrary web script or HTML via the jcode parameter.

CVSS: 4.3 CWE: N/A View on NVD
Low

CVE-2004-1957

Multiple cross-site scripting (XSS) vulnerabilities in PostNuke 0.726 allows remote attackers to inject arbitrary web script or HTML via the (1) lid and query parameters to the Downloads module, (2)…

CVSS: 2.6 CWE: N/A View on NVD
2004-04-15
Medium

CVE-2004-1935

Cross-site scripting (XSS) vulnerability in SCT Campus Pipeline allows remote attackers to inject arbitrary web script or HTML via onload, onmouseover, and other Javascript events in an e-mail attach…

CVSS: 4.3 CWE: N/A View on NVD
2004-04-14
Medium

CVE-2004-1939

Cross-site scripting (XSS) vulnerability in Zaep AntiSpam 2.0 allows remote attackers to inject arbitrary web script or HTML via double encoded slashes (%252F) in the key parameter.

CVSS: 4.3 CWE: N/A View on NVD
2004-04-12
Medium

CVE-2004-1930

Cross-site scripting (XSS) vulnerability in the cookiedecode function in mainfile.php for PHP-Nuke 6.x through 7.2, when themes are used, allows remote attackers to inject arbitrary web script or HTM…

CVSS: 4.3 CWE: N/A View on NVD
2004-04-11
Medium

CVE-2004-1924

Multiple cross-site scripting (XSS) vulnerabilities in Tiki CMS/Groupware (TikiWiki) 1.8.1 and earlier allow remote attackers to inject arbitrary web script or HTML via via the (1) theme parameter to…

CVSS: 4.3 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
2004-03-30
Critical

CVE-2004-1875

Multiple cross-site scripting (XSS) vulnerabilities in cPanel 9.1.0-R85 allow remote attackers to inject arbitrary web script or HTML via the (1) email parameter to testfile.html, (2) file parameter…

CVSS: 9.3 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
2004-03-29
Medium

CVE-2004-1871

Multiple cross-site scripting (XSS) vulnerabilities in PhotoPost PHP Pro 4.6.x and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) ppuser, (2) password, (3) stype, (…

CVSS: 4.3 CWE: N/A View on NVD
Medium

CVE-2004-1872

Cross-site scripting (XSS) vulnerability in WebCT Campus Edition 4.1.1.5 allows remote attackers to inject arbitrary web script or HTML via the @import URL function in a CSS style tag.

CVSS: 4.3 CWE: N/A View on NVD
Medium

CVE-2004-1874

Multiple cross-site scripting (XSS) vulnerabilities in (1) deliver.asp and (2) billing.asp in A-CART Pro and A-CART 2.0 allow remote attackers to inject arbitrary web script or HTML via the user info…

CVSS: 4.3 CWE: N/A View on NVD
2004-03-26
Medium

CVE-2004-1862

Multiple cross-site scripting (XSS) vulnerabilities in Extreme Messageboard (XMB) 1.8 SP3 and 1.9 beta allow remote attackers to inject arbitrary web script or HTML via the (1) xmbuser parameter to x…

CVSS: 4.3 CWE: N/A View on NVD
Medium

CVE-2004-1865

Cross-site scripting (XSS) vulnerability in the administration panel in bBlog 0.7.2 allows remote authenticated users with superuser privileges to inject arbitrary web script or HTML via a blog name…

CVSS: 4.8 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
2004-03-24
Medium

CVE-2004-1849

Multiple cross-site scripting (XSS) vulnerabilities in cPanel 9.1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) email parameter to dodelautores.html or (2) handle parame…

CVSS: 4.3 CWE: N/A View on NVD
2004-03-22
Medium

CVE-2004-1840

Multiple cross-site scripting (XSS) vulnerabilities in MS Analysis module 2.0 for PHP-Nuke allows remote attackers to inject arbitrary web script or HTML via the (1) screen parameter to modules.php,…

CVSS: 4.3 CWE: N/A View on NVD
2004-03-18
Medium

CVE-2004-1829

Multiple cross-site scripting (XSS) vulnerabilities in error.php in Gijza.net Error Manager 2.1 for PHP-Nuke 6.0 allow remote attackers to inject arbitrary web script or HTML via the (1) pagetitle or…

CVSS: 4.3 CWE: N/A View on NVD
2004-03-16
Medium

CVE-2004-1825

Cross-site scripting (XSS) vulnerability in index.php in Mambo Open Source 4.5 stable 1.0.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) return or (2) mos_ch…

CVSS: 4.3 CWE: N/A View on NVD
2004-03-15
Medium

CVE-2004-0191

Mozilla before 1.4.2 executes Javascript events in the context of a new page while it is being loaded, allowing it to interact with the previous page (zombie document) and enable cross-domain and cro…

CVSS: 6.8 CWE: N/A View on NVD
Medium

CVE-2004-0192

Cross-site scripting (XSS) vulnerability in the Management Service for Symantec Gateway Security 2.0 allows remote attackers to steal cookies and hijack a management session via a /sgmi URL that cont…

CVSS: 6.8 CWE: N/A View on NVD
Medium

CVE-2004-1817

Cross-site scripting (XSS) vulnerability in modules.php in Php-Nuke 7.1.0 allows remote attackers to inject arbitrary web script or HTML via the (1) Your Name field, (2) e-mail field, (3) nicname fie…

CVSS: 4.3 CWE: N/A View on NVD
Medium

CVE-2004-1818

Cross-site scripting (XSS) vulnerability in nmimage.php in 4nalbum 0.92 for PHP-Nuke 6.5 through 7.0 allows remote attackers to execute arbitrary script as other users by injecting arbitrary script i…

CVSS: 6.8 CWE: N/A View on NVD
Medium

CVE-2004-1822

Multiple cross-site scripting (XSS) vulnerabilities in Phorum 3.1 through 5.0.3 beta allow remote attackers to inject arbitrary web script or HTML via the (1) HTTP_REFERER parameter to login.php, (2)…

CVSS: 4.3 CWE: N/A View on NVD
Medium

CVE-2004-1827

Cross-site scripting (XSS) vulnerability in YaBB 1 Gold(SP1.3) and YaBB SE 1.5.1 Final allows remote attackers to inject arbitrary web script via the background:url property in (1) glow or (2) shadow…

CVSS: 4.3 CWE: N/A View on NVD
2004-03-11
Medium

CVE-2003-1199

Cross-site scripting (XSS) vulnerability in MyProxy 20030629 allows remote attackers to inject arbitrary web script or HTML via the URL.

CVSS: 6.8 CWE: N/A View on NVD
2004-02-23
Medium

CVE-2004-0322

Multiple cross-site scripting (XSS) vulnerabilities in XMB 1.8 Final SP2 allow remote attackers to execute arbitrary script as other users via the (1) member parameter in member.php, (2) uid paramete…

CVSS: 4.3 CWE: N/A View on NVD
2004-02-17
Medium

CVE-2003-0965

Cross-site scripting (XSS) vulnerability in the admin CGI script for Mailman before 2.1.4 allows remote attackers to steal session cookies and conduct unauthorized activities.

CVSS: 6.8 CWE: N/A View on NVD
Medium

CVE-2003-0992

Cross-site scripting (XSS) vulnerability in the create CGI script for Mailman before 2.1.3 allows remote attackers to steal cookies of other users.

CVSS: 4.3 CWE: N/A View on NVD
Medium

CVE-2003-1031

Cross-site scripting (XSS) vulnerability in register.php for vBulletin 3.0 Beta 2 allows remote attackers to inject arbitrary HTML or web script via optional fields such as (1) "Interests-Hobbies", (…

CVSS: 4.3 CWE: N/A View on NVD
Medium

CVE-2004-0067

Multiple cross-site scripting (XSS) vulnerabilities in phpGedView before 2.65 allow remote attackers to inject arbitrary HTML or web script via (1) descendancy.php, (2) index.php, (3) individual.php,…

CVSS: 4.3 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
Medium

CVE-2004-0091

NOTE: this issue has been disputed by the vendor. Cross-site scripting (XSS) vulnerability in register.php for unknown versions of vBulletin allows remote attackers to inject arbitrary HTML or web s…

CVSS: 4.3 CWE: N/A View on NVD
2004-02-07
Medium

CVE-2004-2084

Cross-site scripting (XSS) vulnerability in search.php in JShop E-Commerce Server allows remote attackers to inject arbitrary web script or HTML via the xSearch parameter.

CVSS: 4.3 CWE: N/A View on NVD
2004-02-04
Medium

CVE-2004-2085

Multiple cross-site scripting (XSS) vulnerabilities in Brad Fears phpCodeCabinet 0.4 and earlier allow remote attackers to inject arbitrary web script or HTML via multiple parameters, including (1) t…

CVSS: 4.3 CWE: N/A View on NVD
2004-02-03
Medium

CVE-2004-0046

Cross-site scripting (XSS) vulnerability in SnapStream PVS LITE allows remote attackers to inject arbitrary web script or HTML via a GET request containing a terminating '"' (double quote) character.

CVSS: 4.3 CWE: N/A View on NVD
2004-01-24
Medium

CVE-2004-2122

Cross-site scripting (XSS) vulnerability in intraforum_db.cgi in Intra Forum allows remote attackers to inject arbitrary web script or HTML via the (1) use_last_read or (2) forum parameters.

CVSS: 4.3 CWE: N/A View on NVD
2004-01-20
Medium

CVE-2004-0032

Cross-site scripting (XSS) vulnerability in search.php in PHPGEDVIEW 2.61 allows remote attackers to inject arbitrary HTML and web script via the firstname parameter.

CVSS: 6.8 CWE: N/A View on NVD
Medium

CVE-2004-0034

Multiple cross-site scripting (XSS) vulnerabilities in Phorum 3.4.5 and earlier allow remote attackers to inject arbitrary HTML or web script via (1) the phorum_check_xss function in common.php, (2)…

CVSS: 4.3 CWE: N/A View on NVD
2004-01-05
Medium

CVE-2003-0980

Cross-site scripting (XSS) vulnerability in FreeScripts VisitorBook LE (visitorbook.pl) allows remote attackers to inject arbitrary HTML or web script via (1) the "do" parameter, (2) via the "user" p…

CVSS: 4.3 CWE: N/A View on NVD
Medium

CVE-2003-0981

FreeScripts VisitorBook LE (visitorbook.pl) logs the reverse DNS name of a visiting host, which allows remote attackers to spoof the origin of their incoming requests and facilitate cross-site script…

CVSS: 6.1 CWE: CWE-346 - Origin Validation Error View on NVD
2003-12-31
Medium

CVE-2003-1100

Multiple cross-site scripting (XSS) vulnerabilities in Hummingbird CyberDOCS 3.5.1, 3.9, and 4.0 allow remote attackers to inject arbitrary web script or HTML via certain vectors.

CVSS: 4.3 CWE: N/A View on NVD
Medium

CVE-2003-1157

Cross-site scripting (XSS) vulnerability in login.asp in Citrix MetaFrame XP Server 1.0 allows remote attackers to inject arbitrary web script or HTML via the NFuse_Message parameter.

CVSS: 4.3 CWE: N/A View on NVD
Medium

CVE-2003-1164

Cross-site scripting (XSS) vulnerability in Mldonkey 2.5-4 allows remote attackers to inject arbitrary web script or HTML via the URI, which is injected into the HTML error page.

CVSS: 4.3 CWE: N/A View on NVD
Medium

CVE-2003-1175

Cross-site scripting (XSS) vulnerability in index.php in Sympoll 1.5 allows remote attackers to inject arbitrary web script or HTML via the vo parameter.

CVSS: 6.8 CWE: N/A View on NVD
Medium

CVE-2003-1204

Multiple cross-site scripting (XSS) vulnerabilities in Mambo Site Server 4.0.12 BETA and earlier allow remote attackers to execute script on other clients via (1) the link parameter in sectionswindow…

CVSS: 6.8 CWE: N/A View on NVD
Medium

CVE-2003-1211

Cross-site scripting (XSS) vulnerability in search.asp for MaxWebPortal 1.30 and possibly earlier versions allows remote attackers to inject arbitrary web script or HTML via the Search parameter.

CVSS: 6.8 CWE: N/A View on NVD
Medium

CVE-2003-1219

Cross-site scripting (XSS) vulnerability in the tep_href_link function in html_output.php for osCommerce before 2.2-MS3 allows remote attackers to inject arbitrary web script or HTML via the osCsid p…

CVSS: 4.3 CWE: N/A View on NVD
Medium

CVE-2003-1231

Cross-site scripting (XSS) vulnerability in index.php in ECW-Shop 5.5 allows remote attackers to inject arbitrary web script or HTML via the cat parameter.

CVSS: 4.3 CWE: N/A View on NVD
Medium

CVE-2003-1237

Cross-site scripting vulnerability (XSS) in WWWBoard 2.0A2.1 and earlier allows remote attackers to inject arbitrary HTML or web script via a message post.

CVSS: 4.3 CWE: N/A View on NVD
Medium

CVE-2003-1238

Cross-site scripting vulnerability (XSS) in Nuked-Klan 1.3 beta and earlier allows remote attackers to steal authentication information via cookies by injecting arbitrary HTML or script into op of th…

CVSS: 5.8 CWE: N/A View on NVD
Medium

CVE-2003-1241

Cross-site scripting vulnerability (XSS) in (1) admin_index.php, (2) admin_pass.php, (3) admin_modif.php, and (4) admin_suppr.php in MyGuestbook 3.0 allows remote attackers to execute arbitrary PHP c…

CVSS: 4.3 CWE: N/A View on NVD
Medium

CVE-2003-1243

Cross-site scripting vulnerability (XSS) in Sage 1.0 b3 allows remote attackers to insert arbitrary HTML or web script via the mod parameter.

CVSS: 4.3 CWE: N/A View on NVD