ID CVE-2002-0074
Summary Cross-site scripting vulnerability in Help File search facility for Internet Information Server (IIS) 4.0, 5.0 and 5.1 allows remote attackers to embed scripts into another user's session.
References
Vulnerable Configurations
  • cpe:2.3:a:microsoft:internet_information_server:4.0:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:internet_information_server:4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:internet_information_services:5.0:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:internet_information_services:5.0:*:*:*:*:*:*:*
CVSS
Base: 7.5 (as of 23-11-2020 - 19:49)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:P/A:P
oval via4
accepted 2010-12-20T04:00:58.484-05:00
class vulnerability
contributors
  • name Tiffany Bergeron
    organization The MITRE Corporation
  • name Shane Shaffer
    organization G2, Inc.
  • name Josh Turpin
    organization Symantec Corporation
  • name Sudhir Gandhe
    organization Telos
  • name Shane Shaffer
    organization G2, Inc.
description Cross-site scripting vulnerability in Help File search facility for Internet Information Server (IIS) 4.0, 5.0 and 5.1 allows remote attackers to embed scripts into another user's session.
family windows
id oval:org.mitre.oval:def:46
status deprecated
submitted 2003-10-10T12:00:00.000-04:00
title DEPRECATED: IIS Help File Search Cross-site Scripting
version 32
refmap via4
bid 4483
bugtraq 20020410 Cgisecurity Advisory #9: Novell Websearch, and Microsoft IIS XSS Issues
cert CA-2002-09
cert-vn VU#883091
cisco 20020415 Microsoft IIS Vulnerabilities in Cisco Products - MS02-018
misc http://www.cgisecurity.com/advisory/9.txt
osvdb 3338
xf iis-help-file-css(8802)
Last major update 23-11-2020 - 19:49
Published 22-04-2002 - 04:00
Last modified 23-11-2020 - 19:49
Back to Top