Explore CVEs related to XSS vulnerabilities, filtered by published year. This list is sorted by most recent disclosures first and supports filtering by CVSS and EPSS risk scores.
Includes the most recent vulnerability disclosures and trends, helping security teams quickly identify high-risk issues and exploitation likelihood.
You're viewing XSS CVEs published in 2002. View full CVE list
| CVE | Description | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|
| CVE-2002-2424 | Cross-site scripting (XSS) vulnerability in PHP(Reactor) 1.2.7 pl1 allows remote attackers to inject arbitrary web script or HTML via Javascript in the style attribute of an HTML tag. | 4.3 | 0.56% | 2002-12-31 | 2026-04-16 |
| CVE-2002-2422 | Cross-site scripting (XSS) vulnerability in Compaq Insight Management Agents 2.0, 2.1, 3.6.0, 4.2 and 4.3.7 allows remote attackers to inject arbitrary web script or HTML via a URL, which inserts the script into the resulting error message. | 4.3 | 0.39% | 2002-12-31 | 2026-04-16 |
| CVE-2002-2418 | Cross-site scripting (XSS) vulnerability in acFreeProxy (aka acFP) 1.33 beta 7 allows remote attackers to inject arbitrary web script or HTML via the URL, which is inserted into an error page. | 4.3 | 0.38% | 2002-12-31 | 2026-04-16 |
| CVE-2002-2386 | Cross-site scripting (XSS) vulnerability in the Quizz module for XOOPS 1.0, when allowing on-line question development, allows remote attackers to inject arbitrary web script or HTML via a javascript: URL in the SRC attribute of an IMG tag. | 4.3 | 0.25% | 2002-12-31 | 2026-04-16 |
| CVE-2002-2378 | Cross-site scripting (XSS) vulnerability in AN HTTP 1.41d allows remote attackers to inject arbitrary web script or HTML via a colon (:) in the query string, which is inserted into the resulting error page. | 4.3 | 0.36% | 2002-12-31 | 2026-04-16 |
| CVE-2002-2377 | Cross-site scripting (XSS) vulnerability in addentry.cgi in ZAP 1.0.3 allows remote attackers to inject arbitrary SSi directives, web script, and HTML via the entry field. | 4.3 | 0.36% | 2002-12-31 | 2026-04-16 |
| CVE-2002-2376 | Cross-site scripting (XSS) vulnerability in E-Guest_sign.pl in E-Guest 1.1 allows remote attackers to inject arbitrary SSI directives, web script, and HTML via the (1) full name, (2) email, (3) homepage, and (4) location parameters. NOTE: this issue might overlap CVE-2005-1605. | 4.3 | 0.57% | 2002-12-31 | 2026-04-16 |
| CVE-2002-2364 | Cross-site scripting (XSS) vulnerability in PHP Ticket 0.5 and earlier allows remote attackers to inject arbitrary web script or HTML via a help ticket. | 4.3 | 0.36% | 2002-12-31 | 2026-04-16 |
| CVE-2002-2362 | Cross-site scripting (XSS) vulnerability in form_header.php in MyMarket 1.71 allows remote attackers to inject arbitrary web script or HTML via the noticemsg parameter. | 4.3 | 0.56% | 2002-12-31 | 2026-04-16 |
| CVE-2002-2359 | Cross-site scripting (XSS) vulnerability in the FTP view feature in Mozilla 1.0 allows remote attackers to inject arbitrary web script or HTML via the title tag of an ftp URL. | 4.3 | 0.15% | 2002-12-31 | 2026-04-16 |
| CVE-2002-2358 | Cross-site scripting (XSS) vulnerability in the FTP view feature in Opera 6.0 and 6.01 through 6.04 allows remote attackers to inject arbitrary web script or HTML via the title tag of an FTP URL. | 4.3 | 0.59% | 2002-12-31 | 2026-04-16 |
| CVE-2002-2350 | Cross-site scripting (XSS) vulnerability in z_user_show.php in dbtreelistproperty_method.php in Zorum 2.4 allows remote attackers to inject arbitrary web script or HTML via the class parameter. | 4.3 | 0.39% | 2002-12-31 | 2026-04-16 |
| CVE-2002-2348 | Cross-site scripting (XSS) vulnerability in athcgi.exe in Authoria HR allows remote attackers to inject arbitrary web script or HTML via the command parameter. | 4.3 | 0.56% | 2002-12-31 | 2026-04-16 |
| CVE-2002-2347 | Cross-site scripting (XSS) vulnerability in Oracle Java Server Page (OJSP) demo files (1) hellouser.jsp, (2) welcomeuser.jsp and (3) usebean.jsp in Oracle 9i Application Server 9.0.2, 1.0.2.2, 1.0.2.1s and 1.0.2 allows remote attackers to inject arbitrary web script or HTML via the text entry field. | 4.3 | 0.37% | 2002-12-31 | 2026-04-16 |
| CVE-2002-2343 | Cross-site scripting (XSS) vulnerability in NOCC 0.9 through 0.9.5 allows remote attackers to inject arbitrary web script or HTML via email messages. | 4.3 | 0.56% | 2002-12-31 | 2026-04-16 |
| CVE-2002-2341 | Cross-site scripting (XSS) vulnerability in content blocking in SonicWALL SOHO3 6.3.0.0 allows remote attackers to inject arbitrary web script or HTML via a blocked URL. | 4.3 | 0.43% | 2002-12-31 | 2026-04-16 |
| CVE-2002-2340 | Cross-site scripting (XSS) vulnerability in read.php in Phorum 3.3.2a allows remote attackers to inject arbitrary web script or HTML via (1) the t parameter or (2) the body of an email response. | 4.3 | 0.26% | 2002-12-31 | 2026-04-16 |
| CVE-2002-2339 | Cross-site scripting (XSS) vulnerability in configure.asp in Script-Shed GuestBook 1.0 allows remote attackers to inject arbitrary web script or HTML via a javascript: URL in (1) image, (2) img, (3) image=right, (4) img=right, (5) image=left, and (6) img=left tags. | 4.3 | 0.56% | 2002-12-31 | 2026-04-16 |
| CVE-2002-2330 | Cross-site scripting (XSS) vulnerability in stat.pl in StatsPlus 1.25 allows remote attackers to inject arbitrary web script or HTML via (1) HTTP_USER_AGENT or (2) HTTP_REFERER, which is written to stats.html and executed in client browsers. | 5.0 | 0.36% | 2002-12-31 | 2026-04-16 |
| CVE-2002-2321 | Cross-site scripting (XSS) vulnerability in (1) showcat.php and (2) addyoursite.php in phpLinkat 0.1.0 allows remote attackers to inject arbitrary web script or HTML via the catid parameter. | 4.3 | 0.56% | 2002-12-31 | 2026-04-16 |