Vulnerabilities (CVE)

Filtered by vendor Lycos Subscribe
Filtered by product Htmlgear Guestgear
Total 2 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2006-2808 1 Lycos 1 Htmlgear Guestgear 2024-11-21 6.8 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in Lycos Tripod htmlGEAR guestGEAR (aka Guest Gear) allows remote attackers to inject arbitrary web script or HTML via a guestbook post containing a javascript URI in the SRC attribute of the BR element after an extra "iframe" tagname within that element, followed by a double ">", which might bypass cleansing operations.
CVE-2002-1493 1 Lycos 1 Htmlgear Guestgear 2024-11-20 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in Lycos HTMLGear guestbook allows remote attackers to inject arbitrary script via (1) STYLE attributes or (2) SRC attributes in an IMG tag.