CVE-2002-1181

Currently unrated

Key Information:

Vendor: Microsoft
Status: Internet Information Services; Internet Information Server
Vendor: CVE Published:; 12 November 2002

Summary

Multiple cross-site scripting (XSS) vulnerabilities in the administrative web pages for Microsoft Internet Information Server (IIS) 4.0 through 5.1 allow remote attackers to execute HTML script as other users through (1) a certain ASP file in the IISHELP virtual directory, or (2) possibly other unknown attack vectors.

References

http://www.iss.net/security_center/static/10501.php

vdb-entryx_refsource_XF

http://www.securityfocus.com/bid/6072

vdb-entryx_refsource_BID

https://oval.cisecurity.org/repository/search/definition/...

vdb-entrysignaturex_refsource_OVAL

EPSS Score

3% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Nov 12, 2002
Vulnerability Reserved
Oct 4, 2002

Collectors

NVD DatabaseMitre Database