Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2003-12-31 | CVE-2003-1371 | Cross-Site Scripting vulnerability in Nuked-Klan 1.3Beta Nuked-Klan 1.3b, and possibly earlier versions, allows remote attackers to obtain sensitive server information via an op parameter set to phpinfo for the (1) Team, (2) News, or (3) Liens modules. | 4.3 |
| 2003-12-31 | CVE-2003-1370 | Cross-Site Scripting vulnerability in Nuked-Klan 1.2Beta Multiple cross-site scripting (XSS) vulnerabilities in Nuked-Klan 1.2b allow remote attackers to inject arbitrary HTML or web script via (1) the Author field in the Guestbook module, (2) the Titre or Pseudo fields in the Forum module, or (3) "La Tribune Libre" in the Shoutbox module. | 4.3 |
| 2003-12-31 | CVE-2003-1353 | Cross-Site Scripting vulnerability in Lanifex Outreach Project Tool 0.946B Multiple cross-site scripting (XSS) vulnerabilities in Outreach Project Tool (OPT) 0.946b allow remote attackers to inject arbitrary web script or HTML, as demonstrated using the news field. | 4.3 |
| 2003-12-31 | CVE-2003-1348 | Cross-Site Scripting vulnerability in Ftls Guestbook 1.1 Cross-site scripting (XSS) vulnerability in guestbook.cgi in ftls.org Guestbook 1.1 allows remote attackers to inject arbitrary web script or HTML via the (1) comment, (2) name, or (3) title field. | 4.3 |
| 2003-12-31 | CVE-2003-1347 | Cross-Site Scripting vulnerability in Geeklog 1.3.7 Multiple cross-site scripting (XSS) vulnerabilities in Geeklog 1.3.7 allow remote attackers to inject arbitrary web script or HTML via the (1) cid parameter to comment.php, (2) uid parameter to profiles.php, (3) uid to users.php, and (4) homepage field. | 4.3 |
| 2003-12-31 | CVE-2003-1334 | Cross-Site Scripting vulnerability in KAI Blankenhorn Bitfolge Simple and Nice Index File Cross-site scripting (XSS) vulnerability in Kai Blankenhorn Bitfolge simple and nice index file (aka snif) before 1.2.7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
| 2003-12-01 | CVE-2003-0624 | Cross-Site Scripting vulnerability in BEA Weblogic Server Cross-site scripting (XSS) vulnerability in InteractiveQuery.jsp for BEA WebLogic 8.1 and earlier allows remote attackers to inject malicious web script via the person parameter. | 4.3 |
| 2003-11-17 | CVE-2003-0712 | Cross-Site Scripting vulnerability in Microsoft Exchange Server 5.5 Cross-site scripting (XSS) vulnerability in the HTML encoding for the Compose New Message form in Microsoft Exchange Server 5.5 Outlook Web Access (OWA) allows remote attackers to execute arbitrary web script. | 4.3 |
| 2003-10-28 | CVE-2003-1151 | Cross-Site Scripting vulnerability in Fastream NetFile Error Message Cross-site scripting (XSS) vulnerability in Fastream NETFile Server 6.0.3.588 allows remote attackers to inject arbitrary web script or HTML via the URL, which is displayed on a "404 Not Found" error page. | 4.3 |
| 2003-10-06 | CVE-2003-0801 | Cross-Site Scripting vulnerability in Nokia Electronic Documentation 5.0 Cross-site scripting (XSS) vulnerability in Nokia Electronic Documentation (NED) 5.0 allows remote attackers to execute arbitrary web script and steal cookies via a URL to the docs/ directory that contains the script. | 4.3 |