CVSS: 6.1EPSS: 38%CPEs: 5EXPL: 0CVE-2009-0239
https://notcve.org/view.php?id=CVE-2009-0239
10 Jun 2009 — Cross-site scripting (XSS) vulnerability in Windows Search 4.0 for Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allows user-assisted remote attackers to inject arbitrary web script or HTML via a crafted file that appears in a preview in a search result, aka "Script Execution in Windows Search Vulnerability." Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en Windows Search v4.0 para Microsoft Windows XP SP2 y SP3 y Server 2003 SP2, permite a atacantes remotos asistidos por usuarios... • http://osvdb.org/54935 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.1EPSS: 73%CPEs: 6EXPL: 0CVE-2008-4032
https://notcve.org/view.php?id=CVE-2008-4032
10 Dec 2008 — Microsoft Office SharePoint Server 2007 Gold and SP1 and Microsoft Search Server 2008 do not properly perform authentication and authorization for administrative functions, which allows remote attackers to cause a denial of service (server load), obtain sensitive information, and "create scripts that would run in the context of the site" via requests to administrative URIs, aka "Access Control Vulnerability." Microsoft Office SharePoint Server 2007 Gold y SP1 y Microsoft Search Server 2008 no realizan aprop... • http://secunia.com/advisories/33063 • CWE-287: Improper Authentication •