CVE-2002-0187
Microsoft SQL Server 2000 - SQLXML Script Injection
Severity Score
7.5
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
1
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Cross-site scripting vulnerability in the SQLXML component of Microsoft SQL Server 2000 allows an attacker to execute arbitrary script via the root parameter as part of an XML SQL query, aka "Script Injection via XML Tag."
Vulnerabilidad de secuencias de comandos en sitios cruzados en el componente SQLXML de Microsoft SQL Server 2000, permite a atacantes la ejecución arbitraria de código mediante el parámetro root como parte de una consulta XML SQL, también conocida como "Script Injection via XML Tag".
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2002-04-20 CVE Reserved
- 2002-06-12 First Exploit
- 2002-07-03 CVE Published
- 2024-08-08 CVE Updated
- 2024-08-10 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
CAPEC
References (4)
URL | Tag | Source |
---|---|---|
http://marc.info/?l=bugtraq&m=102397345410856&w=2 | Mailing List |
URL | Date | SRC |
---|---|---|
https://www.exploit-db.com/exploits/21541 | 2002-06-12 |
URL | Date | SRC |
---|---|---|
http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0100.html | 2018-10-12 |
URL | Date | SRC |
---|---|---|
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-030 | 2018-10-12 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Microsoft Search vendor "Microsoft" | Sql Server Search vendor "Microsoft" for product "Sql Server" | 2000 Search vendor "Microsoft" for product "Sql Server" and version "2000" | - |
Affected
| ||||||
Microsoft Search vendor "Microsoft" | Sql Server Search vendor "Microsoft" for product "Sql Server" | 2000 Search vendor "Microsoft" for product "Sql Server" and version "2000" | sp1 |
Affected
| ||||||
Microsoft Search vendor "Microsoft" | Sql Server Search vendor "Microsoft" for product "Sql Server" | 2000 Search vendor "Microsoft" for product "Sql Server" and version "2000" | sp2 |
Affected
|