Lucene search

[email protected]NVD:CVE-2000-1104

HistoryJan 09, 2001 - 5:00 a.m.

CVE-2000-1104

2001-01-0905:00:00

[email protected]

web.nvd.nist.gov

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

6.2 Medium

AI Score

Confidence

Low

0.004 Low

EPSS

Percentile

72.7%

JSON

Variant of the “IIS Cross-Site Scripting” vulnerability as originally discussed in MS:MS00-060 (CVE-2000-0746) allows a malicious web site operator to embed scripts in a link to a trusted site, which are returned without quoting in an error message back to the client. The client then executes those scripts in the same context as the trusted site.

Affected configurations

NVD

Node

microsoftinternet_information_serverMatch4.0

microsoftinternet_information_servicesMatch5.0

References

docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-060

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

6.2 Medium

AI Score

Confidence

Low

0.004 Low

EPSS

Percentile

72.7%

JSON

Related for NVD:CVE-2000-1104

cvelist2 openvas1 cve2 nessus1 nvd1