CVE-2003-0526
Microsoft ISA Server 2000 - Cross-Site Scripting
Public Exploits: 1
Exploited in Wild: -
Descriptions
Cross-site scripting (XSS) vulnerability in Microsoft Internet Security and Acceleration (ISA) Server 2000 allows remote attackers to inject arbitrary web script via a URL containing the script in the domain name portion, which is not properly cleansed in the default error pages (1) 500.htm for "500 Internal Server error" or (2) 404.htm for "404 Not Found."
Timeline
- 2003-07-08 CVE Reserved
- 2003-07-16 First Exploit
- 2003-07-17 CVE Published
- 2024-05-14 EPSS Updated
- 2024-08-08 CVE Updated
References (9)
URL | Tag |
---|---|
http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0031.html | Mailing List |
http://marc.info/?l=bugtraq&m=105838519729525&w=2 | Mailing List |
http://marc.info/?l=bugtraq&m=105838862201266&w=2 | Mailing List |
http://marc.info/?l=ntbugtraq&m=105838590030409&w=2 | Mailing List |
http://pivx.com/larholm/adv/TL006 | X_refsource_misc |
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A117 | Signature |

URL | Date |
---|---|
https://www.exploit-db.com/exploits/22919 | 2003-07-16 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Microsoft | Isa Server | 2000 | - | Affected |
Microsoft | Isa Server | 2000 | fp1 | Affected |
Microsoft | Isa Server | 2000 | sp1 | Affected |