Variant of the "IIS Cross-Site Scripting" vulnerability as originally discussed in MS:MS00-060 (CVE-2000-0746) allows a malicious web site operator to embed scripts in a link to a trusted site, which are returned without quoting in an error message back to the client. The client then executes those scripts in the same context as the trusted site.
Max CVSS
7.5
EPSS Score
0.17%
Published
2001-01-09
Updated
2018-10-30
Cross-site scripting (CSS) vulnerability in Microsoft Internet Security and Acceleration (ISA) Server 2000 allows remote attackers to cause other clients to execute certain script or read cookies via malicious script in an invalid URL that is not properly quoted in an error message.
Max CVSS
7.5
EPSS Score
2.11%
Published
2001-09-20
Updated
2018-10-12
Cross-site scripting vulnerability in IBM WebSphere 3.02 and 3.5 FP2 allows remote attackers to execute Javascript by inserting the Javascript into (1) a request for a .JSP file, or (2) a request to the webapp/examples/ directory, which inserts the Javascript into an error page.
Max CVSS
7.5
EPSS Score
0.23%
Published
2001-12-06
Updated
2008-09-10
Cross-site scripting vulnerability in Webalizer 2.01-06, and possibly other versions, allows remote attackers to inject arbitrary HTML tags by specifying them in (1) search keywords embedded in HTTP referrer information, or (2) host names that are retrieved via a reverse DNS lookup.
Max CVSS
7.5
EPSS Score
1.74%
Published
2001-12-06
Updated
2017-12-19
Cross-site scripting vulnerability in status.php3 in Imp Webmail 2.2.6 and earlier allows remote attackers to gain access to the e-mail of other users by hijacking session cookies via the message parameter.
Max CVSS
7.5
EPSS Score
8.28%
Published
2001-12-06
Updated
2017-10-10
Cross-site scripting (CSS) vulnerability in ValiCert Enterprise Validation Authority (EVA) 3.3 through 4.2.1 allows remote attackers to execute arbitrary code or display false information by including HTML or script in the certificate's description, which is executed when the certificate is viewed.
Max CVSS
7.5
EPSS Score
1.89%
Published
2001-12-04
Updated
2017-12-19
Cross-site scripting vulnerability in TDForum 1.2 CGI script (tdforum12.cgi) allows remote attackers to execute arbitrary script on other clients via a forum message that contains the script.
Max CVSS
7.5
EPSS Score
1.79%
Published
2001-08-31
Updated
2017-07-11
Cross-site scripting vulnerability in CGIWrap before 3.7 allows remote attackers to execute arbitrary Javascript on other web clients by causing the Javascript to be inserted into error messages that are generated by CGIWrap.
Max CVSS
7.5
EPSS Score
5.45%
Published
2001-07-22
Updated
2017-10-10
Cross-site scripting vulnerability in Proxomitron Naoko-4 BetaFour and earlier allows remote attackers to execute arbitrary script on other clients via an incorrect URL containing the malicious script, which is printed back in an error message.
Max CVSS
7.5
EPSS Score
3.34%
Published
2001-07-24
Updated
2017-12-19
Cross-site scripting vulnerability in Allaire JRun 3.0 and 2.3.3 allows a malicious webmaster to embed Javascript in a request for a .JSP, .shtml, .jsp10, .jrun, or .thtml file that does not exist, which causes the Javascript to be inserted into an error message.
Max CVSS
7.5
EPSS Score
1.00%
Published
2001-07-02
Updated
2017-10-10
Cross-site scripting (CSS) vulnerability in Lotus Domino 5.0.6 allows remote attackers to execute script on other web clients via a URL that ends in Javascript, which generates an error message that does not quote the resulting script.
Max CVSS
7.5
EPSS Score
4.10%
Published
2001-07-02
Updated
2008-09-05
Cross-site scripting vulnerability in agora.cgi for Agora 3.0a through 4.0g, when debug mode is enabled, allows remote attackers to execute Javascript on other clients via the cart_id parameter.
Max CVSS
7.5
EPSS Score
9.37%
Published
2001-12-17
Updated
2008-09-05
Cross-site scripting vulnerability in DeleGate 7.7.0 and 7.7.1 does not quote scripting commands within a "403 Forbidden" error page, which allows remote attackers to execute arbitrary Javascript on other clients via a URL that generates an error.
Max CVSS
7.5
EPSS Score
3.12%
Published
2001-12-28
Updated
2016-10-18
Cross-site scripting vulnerability in Horde Internet Messaging Program (IMP) before 2.2.6 and 1.2.6 allows remote attackers to execute arbitrary Javascript embedded in an email.
Max CVSS
7.5
EPSS Score
1.43%
Published
2001-07-21
Updated
2011-03-08
Cross-site scripting vulnerability in namazu.cgi for Namazu 2.0.7 and earlier allows remote attackers to execute arbitrary Javascript as other web users via the lang parameter.
Max CVSS
7.5
EPSS Score
0.82%
Published
2001-11-25
Updated
2016-10-18
Cross-site scripting vulnerability in Namazu 2.0.8 and earlier allows remote attackers to execute arbitrary Javascript as other web users via the index file name that is displayed when displaying hit numbers.
Max CVSS
7.5
EPSS Score
1.06%
Published
2001-12-25
Updated
2017-10-10
Cross-site scripting vulnerability in Namazu 2.0.9 and earlier allows remote attackers to execute arbitrary Javascript as other web users via an error message that is returned when an invalid index file is specified in the idxname parameter.
Max CVSS
7.5
EPSS Score
1.24%
Published
2001-12-27
Updated
2017-10-10
Bugzilla before 2.14 does not properly escape untrusted parameters, which could allow remote attackers to conduct unauthorized activities via cross-site scripting (CSS) and possibly SQL injection attacks on (1) the product or output form variables for reports.cgi, (2) the voteon, bug_id, and user variables for showvotes.cgi, (3) an invalid email address in createaccount.cgi, (4) an invalid ID in showdependencytree.cgi, (5) invalid usernames and other fields in process_bug.cgi, and (6) error messages in buglist.cgi.
Max CVSS
7.5
EPSS Score
0.48%
Published
2001-09-10
Updated
2016-10-18
Autogalaxy stores usernames and passwords in cleartext in cookies, which makes it easier for remote attackers to obtain authentication information and gain unauthorized access via sniffing or a cross-site scripting attack.
Max CVSS
7.5
EPSS Score
0.23%
Published
2001-12-31
Updated
2024-02-10
Cross-site scripting (XSS) vulnerability in VisualAge for Java 3.5 Professional allows remote attackers to execute JavaScript on other clients via the URL, which injects the script in the resulting error message.
Max CVSS
6.8
EPSS Score
0.56%
Published
2001-07-02
Updated
2017-07-11
A cross-site scripting vulnerability in Caucho Technology Resin before 1.2.4 allows a malicious webmaster to embed Javascript in a hyperlink that ends in a .jsp extension, which causes an error message that does not properly quote the Javascript.
Max CVSS
5.1
EPSS Score
0.99%
Published
2001-12-06
Updated
2017-10-10
A cross-site scripting vulnerability in Apache Tomcat 3.2.1 allows a malicious webmaster to embed Javascript in a request for a .JSP file, which causes the Javascript to be inserted into an error message.
Max CVSS
5.1
EPSS Score
0.09%
Published
2001-12-06
Updated
2008-09-10
Cross-site scripting vulnerability in Mailman email archiver before 2.08 allows attackers to obtain sensitive information or authentication credentials via a malicious link that is accessed by other web users.
Max CVSS
5.1
EPSS Score
0.42%
Published
2001-12-21
Updated
2017-10-10
Multiple cross-site scripting (XSS) vulnerabilities in the log messages in certain Alpha versions of AOL Instant Messenger (AIM) 4.4 allow remote attackers to execute arbitrary web script or HTML via an image in the (1) DATA, (2) STYLE, or (3) BINARY tags.
Max CVSS
5.1
EPSS Score
0.52%
Published
2001-01-18
Updated
2008-09-05
Cross-site scripting vulnerability in Infopop Ultimate Bulletin Board (UBB) before 5.47e allows remote attackers to steal user cookies via an [IMG] tag that references an about: URL with an onerror field.
Max CVSS
5.0
EPSS Score
0.39%
Published
2001-11-15
Updated
2023-05-16
33 vulnerabilities found
1 2
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!