Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

DATE CVE VULNERABILITY TITLE RISK
2004-12-31 CVE-2004-2720 Cross-Site Scripting vulnerability in Snitz Communications Snitz Forums 2000
Cross-site scripting (XSS) vulnerability in register.asp in Snitz Forums 2000 3.4.04 and earlier allows remote attackers to inject arbitrary web script or HTML via javascript events in the Email parameter.
4.3
2004-12-31 CVE-2004-2704 Cross-Site Scripting vulnerability in multiple products
Hastymail 1.0.1 and earlier (stable) and 1.1 and earlier (development) does not send the "attachment" parameter in the Content-Disposition field for attachments, which causes the attachment to be rendered inline by Internet Explorer when the victim clicks the download link, which facilitates cross-site scripting (XSS) and possibly other attacks.
4.3
2004-12-31 CVE-2004-2702 Cross-Site Scripting vulnerability in Swsoft Plesk 7.0/7.1
Cross-site scripting (XSS) vulnerability in login_up.php3 in Plesk 7.0 and 7.1 Reloaded allows remote attackers to inject arbitrary web script or HTML via the login_name parameter.
network
swsoft CWE-79
4.3
2004-12-31 CVE-2004-2701 Cross-Site Scripting vulnerability in Aspdotnetstorefront 3.3
Cross-site scripting (XSS) vulnerability in signin.aspx for AspDotNetStorefront 3.3 allows remote attackers to inject arbitrary web script or HTML via the returnurl parameter.
4.3
2004-12-31 CVE-2004-2688 Cross-Site Scripting vulnerability in Newsphp
Cross-site scripting (XSS) vulnerability in index.php in NewsPHP allows remote attackers to inject arbitrary web script or HTML via the cat_id parameter.
network
newsphp CWE-79
4.3
2004-12-31 CVE-2004-1863 Cross-Site Scripting vulnerability in XMB Forum XMB 1.8Sp3/1.9Beta
Multiple cross-site scripting (XSS) vulnerabilities in XMB (aka extreme message board) 1.9 beta (aka Nexus beta) allow remote attackers to inject arbitrary web script or HTML via (1) the u2uheader parameter in editprofile.php, the restrict parameter in (2) member.php, (3) misc.php, and (4) today.php, and (5) an arbitrary parameter in phpinfo.php.
network
xmb-forum CWE-79
4.3
2004-12-31 CVE-2004-1424 Cross-Site Scripting vulnerability in Moodle
Cross-site scripting (XSS) vulnerability in view.php in Moodle 1.4.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the search parameter.
network
moodle CWE-79
4.3
2004-11-23 CVE-2004-0203 Cross-Site Scripting vulnerability in Microsoft Exchange Server 5.5
Cross-site scripting (XSS) vulnerability in Outlook Web Access for Exchange Server 5.5 Service Pack 4 allows remote attackers to insert arbitrary script and spoof content in HTML email or web caches via an HTML redirect query.
network
microsoft CWE-79
4.3
2004-08-06 CVE-2004-0678 Cross-Site Scripting vulnerability in 12Planet Chat Server 2.9
Cross-site scripting (XSS) in one2planet.infolet.InfoServlet in 12Planet Chat Server 2.9 allows remote attackers to execute arbitrary script as other users via the page parameter.
network
12planet CWE-79
4.3
2004-05-22 CVE-2004-2030 Cross-Site Scripting vulnerability in Liferay Enterprise Portal 2.1.0
Multiple cross-site scripting (XSS) vulnerabilities in index.jsp for Liferay before 2.2.0 release 10/1/2004 allow remote attackers to inject arbitrary web script or HTML, as demonstrated using the message subject.
network
liferay CWE-79
4.3