LiveActive security incident?Get immediate response
CVE archive

November 2003

Browse CVE records published in November 2003, with severity, affected products, CWE, KEV, and source-backed vulnerability context.

Showing 50 of 114 matching CVEs · Page 1 of 3.

Unknown · CVSS Not scored

CVE-2003-1277: Cross-site scripting (XSS) vulnerabilities in Yet Another Bulletin Board (YaBB) 1.5.0 allow remote attacker...

Cross-site scripting (XSS) vulnerabilities in Yet Another Bulletin Board (YaBB) 1.5.0 allow remote attackers to execute arbitrary script as other users and possibly steal authentication information via cookies by injecting arbitrary HTML or script into (1) news_icon of news_template.php, and (2) threadid and subject of index.html

Published Nov 16, 2005 · Updated Sep 16, 2024

Unknown · CVSS Not scored

CVE-2003-1285: Multiple cross-site scripting (XSS) vulnerabilities in Sambar Server before 6.0 beta 6 allow remote attacke...

Multiple cross-site scripting (XSS) vulnerabilities in Sambar Server before 6.0 beta 6 allow remote attackers to inject arbitrary web script or HTML via the query string to (1) isapi/testisa.dll, (2) testcgi.exe, (3) environ.pl, (4) the query parameter to samples/search.dll, (5) the price parameter to mortgage.pl, (6) the query string in dumpenv.pl, (7) the query string to dumpenv.pl, and (8) the E-Mail field of the guestbook script (book.pl).

Published Nov 22, 2005 · Updated Aug 8, 2024

Unknown · CVSS Not scored

CVE-2003-1282: IBM Net.Data allows remote attackers to obtain sensitive information such as path names, server names and p...

IBM Net.Data allows remote attackers to obtain sensitive information such as path names, server names and possibly user names and passwords by causing the (1) $(DTW_CURRENT_FILENAME), (2) $(DATABASE), (3) $(LOGIN), (4) $(PASSWORD), and possibly other predefined variables that can be echoed back to the user via a web form.

Published Nov 16, 2005 · Updated Aug 8, 2024