Cross-Site Scripting Flaw in Microsoft Internet Information Server (IIS)
CVE-2002-1181

Currently unrated

Key Information:

Vendor: Microsoft
Status: Internet Information Services; Internet Information Server
Vendor: CVE Published:; 12 November 2002

Summary

Multiple cross-site scripting (XSS) vulnerabilities exist in the administrative web pages of Microsoft Internet Information Server (IIS) versions 4.0 to 5.1. These flaws allow remote attackers to inject and execute malicious HTML and script content under certain conditions. The vulnerabilities are associated with a specific ASP file located in the IISHELP virtual directory and may also be exploitable through other unknown vectors, potentially leading to unauthorized access or manipulation of user sessions.

References

http://www.iss.net/security_center/static/10501.php

vdb-entryx_refsource_XF

http://www.securityfocus.com/bid/6072

vdb-entryx_refsource_BID

https://oval.cisecurity.org/repository/search/definition/...

vdb-entrysignaturex_refsource_OVAL

EPSS Score

10% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Nov 12, 2002
Vulnerability Reserved
Oct 4, 2002