Lucene search

MitreCVE-2000-1104

HistoryJan 09, 2001 - 5:00 a.m.

CVE-2000-1104

2001-01-0905:00:00

mitre

web.nvd.nist.gov

infosec

vulnerability

cross-site scripting

web operator

trusted site

error message

context

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

6.3

Confidence

High

EPSS

0.004

Percentile

72.6%

JSON

Variant of the “IIS Cross-Site Scripting” vulnerability as originally discussed in MS:MS00-060 (CVE-2000-0746) allows a malicious web site operator to embed scripts in a link to a trusted site, which are returned without quoting in an error message back to the client. The client then executes those scripts in the same context as the trusted site.

Affected configurations

Nvd

Node

microsoftinternet_information_serverMatch4.0

microsoftinternet_information_servicesMatch5.0

VendorProductVersionCPE
microsoftinternet_information_server4.0cpe:2.3:a:microsoft:internet_information_server:4.0:*:*:*:*:*:*:*
microsoftinternet_information_services5.0cpe:2.3:a:microsoft:internet_information_services:5.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
microsoft	internet_information_server	4.0	cpe:2.3:a:microsoft:internet_information_server:4.0:::::::*
microsoft	internet_information_services	5.0	cpe:2.3:a:microsoft:internet_information_services:5.0:::::::*

References

docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-060

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

6.3

Confidence

High

EPSS

0.004

Percentile

72.6%

JSON

Related for CVE-2000-1104