CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
AI Score
Confidence
High
EPSS
Percentile
76.4%
Microsoft Internet Information Server (IIS) in Windows Vista SP2; Windows Server 2008 SP2 and R2; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote attackers to perform cross-site scripting and run script with local user privileges via a crafted request, aka âMicrosoft IIS Server XSS Elevation of Privilege Vulnerability.â
Vendor | Product | Version | CPE |
---|---|---|---|
microsoft | windows_vista | cpe:/o:microsoft:windows_vista::sp2:: | |
microsoft | windows_server_2008 | r2 | cpe:/o:microsoft:windows_server_2008:r2::: |
microsoft | windows_10 | 1607 | cpe:/o:microsoft:windows_10:1607::: |
microsoft | windows_server_2012 | r2 | cpe:/o:microsoft:windows_server_2012:r2::: |
microsoft | windows_10 | 1511 | cpe:/o:microsoft:windows_10:1511::: |
microsoft | windows_7 | cpe:/o:microsoft:windows_7::sp1:: | |
microsoft | windows_server_2012 | - | cpe:/o:microsoft:windows_server_2012:-::: |
microsoft | windows_server_2008 | cpe:/o:microsoft:windows_server_2008::sp2:: | |
microsoft | windows_8.1 | cpe:/o:microsoft:windows_8.1:::: | |
microsoft | windows_server_2016 | cpe:/o:microsoft:windows_server_2016:::: |
[
{
"product": "IIS Server",
"vendor": "Microsoft Corporation",
"versions": [
{
"status": "affected",
"version": "Internet Information Server (IIS) in Windows Vista SP2; Windows Server 2008 SP2 and R2; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, and 1607; and Windows Server 2016"
}
]
}
]
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
AI Score
Confidence
High
EPSS
Percentile
76.4%