Microsoft Indexing Services Cross Site Scripting Vulnerability
CVE-2000-0942

Currently unrated

Key Information:

Vendor: Microsoft
Status: Indexing Service
Vendor: CVE Published:; 19 December 2000

Summary

The CiWebHitsFile component in Microsoft Indexing Services for Windows 2000 is susceptible to a cross site scripting vulnerability. Attackers can exploit this flaw by sending specially crafted requests with a CiRestriction parameter in a .htw file, potentially allowing unauthorized execution of scripts in users' browsers. This vulnerability can lead to a range of malicious activities, compromising user sessions and sensitive information.

References

http://www.securityfocus.com/archive/1/141903

mailing-listx_refsource_BUGTRAQ

https://docs.microsoft.com/en-us/security-updates/securit...

vendor-advisoryx_refsource_MS

http://www.securityfocus.com/bid/1861

vdb-entryx_refsource_BID

EPSS Score

48% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Dec 19, 2000
Vulnerability Reserved
Nov 24, 2000