Lucene search
MitreCVE-2002-2073HistoryJul 14, 2005 - 4:00 a.m.
CVE-2002-2073
2005-07-1404:00:00
mitre
web.nvd.nist.gov
41
cve-2002-2073
cross-site scripting
xss vulnerability
microsoft site server 3.0
remote attackers
web script
html
CVSS2
4.3
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
AI Score
5.7
Confidence
High
EPSS
0.014
Percentile
86.5%
Cross-site scripting (XSS) vulnerability in the default ASP pages on Microsoft Site Server 3.0 on Windows NT 4.0 allows remote attackers to inject arbitrary web script or HTML via the (1) ctr parameter in Default.asp and (2) the query string to formslogin.asp.
Affected configurations
Node
microsoftsite_serverMatch3.0
ORmicrosoftsite_server_commerceMatch3.0
Node
microsoftwindows_ntMatch4.0
| Vendor | Product | Version | CPE |
|---|---|---|---|
| microsoft | site_server | 3.0 | cpe:2.3:a:microsoft:site_server:3.0:*:*:*:*:*:*:* |
| microsoft | site_server_commerce | 3.0 | cpe:2.3:a:microsoft:site_server_commerce:3.0:*:*:*:*:*:*:* |
| microsoft | windows_nt | 4.0 | cpe:2.3:o:microsoft:windows_nt:4.0:*:*:*:*:*:*:* |
Related
exploitdb
exploitdb
Microsoft Site Server 3.0 - Cross-Site Scripting
2002-01-29 00:00:00
nvd
nvd
CVE-2002-2073
2002-12-31 05:00:00
nessus
nessus
MS Site Server < 3.0 formslogin.asp url Parameter XSS
2008-08-18 00:00:00
cvelist
cvelist
CVE-2002-2073
2005-07-14 04:00:00
CVSS2
4.3
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
AI Score
5.7
Confidence
High
EPSS
0.014
Percentile
86.5%
Related for CVE-2002-2073