Cross-site Scripting Vulnerability in Microsoft ISA Server 2000
CVE-2001-0658

Currently unrated

Key Information:

Vendor: Microsoft
Status: Isa Server
Vendor: CVE Published:; 20 September 2001

Summary

A cross-site scripting vulnerability exists in Microsoft Internet Security and Acceleration (ISA) Server 2000, permitting remote attackers to execute scripts or access cookies of users by manipulating an error message that improperly handles URLs. When users encounter a crafted URL that is not appropriately quoted, they may unknowingly execute malicious scripts, leading to potential data exposure or session hijacking. This vulnerability highlights the importance of robust input validation and security practices in web applications.

References

https://docs.microsoft.com/en-us/security-updates/securit...

vendor-advisoryx_refsource_MS

https://exchange.xforce.ibmcloud.com/vulnerabilities/6991

vdb-entryx_refsource_XF

http://www.securityfocus.com/bid/3198

vdb-entryx_refsource_BID

EPSS Score

11% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Sep 20, 2001
Vulnerability Reserved
Aug 15, 2001