) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.
Search Results (Refine Search)
- Results Type: Overview
- Keyword (text search): xss
- Search Type: Search All
| Vuln ID | Summary | CVSS Severity |
|---|---|---|
| CVE-2004-1930 |
Cross-site scripting (XSS) vulnerability in the cookiedecode function in mainfile.php for PHP-Nuke 6.x through 7.2, when themes are used, allows remote attackers to inject arbitrary web script or HTML via a base64-encoded user parameter or cookie. Published: April 12, 2004; 12:00:00 AM -0400 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
| CVE-2004-1924 |
Multiple cross-site scripting (XSS) vulnerabilities in Tiki CMS/Groupware (TikiWiki) 1.8.1 and earlier allow remote attackers to inject arbitrary web script or HTML via via the (1) theme parameter to tiki-switch_theme.php, (2) find and priority parameters to messu-mailbox.php, (3) flag, priority, flagval, sort_mode, or find parameters to messu-read.php, (4) articleId parameter to tiki-read_article.php, (5) parentId parameter to tiki-browse_categories.php, (6) comments_threshold parameter to tiki-index.php (7) articleId parameter to tiki-print_article.php, (8) galleryId parameter to tiki-list_file_gallery.php, (9) galleryId parameter to tiki-upload_file.php, (10) faqId parameter to tiki-view_faq.php, (11) chartId parameter to tiki-view_chart.php, or (12) surveyId parameter to tiki-survey_stats_survey.php. Published: April 11, 2004; 12:00:00 AM -0400 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
| CVE-2004-1875 |
Multiple cross-site scripting (XSS) vulnerabilities in cPanel 9.1.0-R85 allow remote attackers to inject arbitrary web script or HTML via the (1) email parameter to testfile.html, (2) file parameter to erredit.html, (3) dns parameter to dnslook.html, (4) account parameter to ignorelist.html, (5) account parameter to showlog.html, (6) db parameter to repairdb.html, (7) login parameter to doaddftp.html (8) account parameter to editmsg.htm, or (9) ip parameter to del.html. NOTE: the dnslook.html vector was later reported to exist in cPanel 10. Published: March 30, 2004; 12:00:00 AM -0500 |
V3.x:(not available) V2.0: 9.3 HIGH |
| CVE-2004-1871 |
Multiple cross-site scripting (XSS) vulnerabilities in PhotoPost PHP Pro 4.6.x and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) ppuser, (2) password, (3) stype, (4) perpage, (5) sort, (6) page, (7) si, or (8) cat parameters to showmembers.php, or the (9) photo name, (10) photo description, (11) album name, or (12) album description fields. Published: March 29, 2004; 12:00:00 AM -0500 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
| CVE-2004-1872 |
Cross-site scripting (XSS) vulnerability in WebCT Campus Edition 4.1.1.5 allows remote attackers to inject arbitrary web script or HTML via the @import URL function in a CSS style tag. Published: March 29, 2004; 12:00:00 AM -0500 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
| CVE-2004-1874 |
Multiple cross-site scripting (XSS) vulnerabilities in (1) deliver.asp and (2) billing.asp in A-CART Pro and A-CART 2.0 allow remote attackers to inject arbitrary web script or HTML via the user information forms. Published: March 29, 2004; 12:00:00 AM -0500 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
| CVE-2004-1862 |
Multiple cross-site scripting (XSS) vulnerabilities in Extreme Messageboard (XMB) 1.8 SP3 and 1.9 beta allow remote attackers to inject arbitrary web script or HTML via the (1) xmbuser parameter to xmb.php, (2) folder parameter to u2u.php, (3) viewmost, replymost, or latest parameter to stats.php, (4) message or icons parameter to post.php, (5) threadlist, pagelinks, forumlist, navigation, or (6) forumdisplay parameter to forumdisplay.php. Published: March 26, 2004; 12:00:00 AM -0500 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
| CVE-2004-1865 |
Cross-site scripting (XSS) vulnerability in the administration panel in bBlog 0.7.2 allows remote authenticated users with superuser privileges to inject arbitrary web script or HTML via a blog name ($blogname). NOTE: if administrators are normally allowed to add HTML by other means, e.g. through Smarty templates, then this issue would not give any additional privileges, and thus would not be considered a vulnerability. Published: March 26, 2004; 12:00:00 AM -0500 |
V3.1: 4.8 MEDIUM V2.0: 3.5 LOW |
| CVE-2004-1849 |
Multiple cross-site scripting (XSS) vulnerabilities in cPanel 9.1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) email parameter to dodelautores.html or (2) handle parameter to addhandle.html. Published: March 24, 2004; 12:00:00 AM -0500 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
| CVE-2004-1840 |
Multiple cross-site scripting (XSS) vulnerabilities in MS Analysis module 2.0 for PHP-Nuke allows remote attackers to inject arbitrary web script or HTML via the (1) screen parameter to modules.php, (2) module_name parameter to title.php, (3) sortby parameter to modules.php, or (4) overview parameter to modules.php. Published: March 22, 2004; 12:00:00 AM -0500 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
| CVE-2004-1829 |
Multiple cross-site scripting (XSS) vulnerabilities in error.php in Gijza.net Error Manager 2.1 for PHP-Nuke 6.0 allow remote attackers to inject arbitrary web script or HTML via the (1) pagetitle or (2) error parameters, or (3) certain parameters in the error log. Published: March 18, 2004; 12:00:00 AM -0500 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
| CVE-2004-1825 |
Cross-site scripting (XSS) vulnerability in index.php in Mambo Open Source 4.5 stable 1.0.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) return or (2) mos_change_template parameters. Published: March 16, 2004; 12:00:00 AM -0500 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
| CVE-2004-0191 |
Mozilla before 1.4.2 executes Javascript events in the context of a new page while it is being loaded, allowing it to interact with the previous page (zombie document) and enable cross-domain and cross-site scripting (XSS) attacks, as demonstrated using onmousemove events. Published: March 15, 2004; 12:00:00 AM -0500 |
V3.x:(not available) V2.0: 6.8 MEDIUM |
| CVE-2004-0192 |
Cross-site scripting (XSS) vulnerability in the Management Service for Symantec Gateway Security 2.0 allows remote attackers to steal cookies and hijack a management session via a /sgmi URL that contains malicious script, which is not quoted in the resulting error page. Published: March 15, 2004; 12:00:00 AM -0500 |
V3.x:(not available) V2.0: 6.8 MEDIUM |
| CVE-2004-1817 |
Cross-site scripting (XSS) vulnerability in modules.php in Php-Nuke 7.1.0 allows remote attackers to inject arbitrary web script or HTML via the (1) Your Name field, (2) e-mail field, (3) nicname field, (4) fname parameter, (5) ratenum parameter, or (6) search field. Published: March 15, 2004; 12:00:00 AM -0500 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
| CVE-2004-1818 |
Cross-site scripting (XSS) vulnerability in nmimage.php in 4nalbum 0.92 for PHP-Nuke 6.5 through 7.0 allows remote attackers to execute arbitrary script as other users by injecting arbitrary script into the z parameter. Published: March 15, 2004; 12:00:00 AM -0500 |
V3.x:(not available) V2.0: 6.8 MEDIUM |
| CVE-2004-1822 |
Multiple cross-site scripting (XSS) vulnerabilities in Phorum 3.1 through 5.0.3 beta allow remote attackers to inject arbitrary web script or HTML via the (1) HTTP_REFERER parameter to login.php, (2) HTTP_REFERER parameter to register.php, or (3) target parameter to profile.php. Published: March 15, 2004; 12:00:00 AM -0500 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
| CVE-2004-1827 |
Cross-site scripting (XSS) vulnerability in YaBB 1 Gold(SP1.3) and YaBB SE 1.5.1 Final allows remote attackers to inject arbitrary web script via the background:url property in (1) glow or (2) shadow tags. Published: March 15, 2004; 12:00:00 AM -0500 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
| CVE-2003-1199 |
Cross-site scripting (XSS) vulnerability in MyProxy 20030629 allows remote attackers to inject arbitrary web script or HTML via the URL. Published: March 11, 2004; 12:00:00 AM -0500 |
V3.x:(not available) V2.0: 6.8 MEDIUM |
| CVE-2004-0322 |
Multiple cross-site scripting (XSS) vulnerabilities in XMB 1.8 Final SP2 allow remote attackers to execute arbitrary script as other users via the (1) member parameter in member.php, (2) uid parameter in u2uadmin.php, (3) user parameter in editprofile.php, (4) an onmouseover event in an align tag when bbcode is allowed, or (5) img tag where bbcode is allowed. Published: February 23, 2004; 12:00:00 AM -0500 |
V3.x:(not available) V2.0: 4.3 MEDIUM |