6.4 Medium
AI Score
Confidence
High
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.032 Low
EPSS
Percentile
91.0%
Cross-site scripting (XSS) vulnerability in Microsoft Internet Security and Acceleration (ISA) Server 2000 allows remote attackers to inject arbitrary web script via a URL containing the script in the domain name portion, which is not properly cleansed in the default error pages (1) 500.htm for β500 Internal Server errorβ or (2) 404.htm for β404 Not Found.β
CPE | Name | Operator | Version |
---|---|---|---|
microsoft:isa_server | microsoft isa server | eq | 2000 |
archives.neohapsis.com/archives/vulnwatch/2003-q3/0029.html
archives.neohapsis.com/archives/vulnwatch/2003-q3/0031.html
marc.info/?l=bugtraq&m=105838519729525&w=2
marc.info/?l=bugtraq&m=105838862201266&w=2
marc.info/?l=ntbugtraq&m=105838590030409&w=2
pivx.com/larholm/adv/TL006
docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-028
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A117