Cross-Site Scripting Vulnerability in Microsoft Terminal Services Advanced Client
CVE-2002-1795

Currently unrated

Key Information:

Vendor: Microsoft
Status: Tsac Activex Control
Vendor: CVE Published:; 31 December 2002

Summary

The Microsoft Terminal Services Advanced Client (TSAC) ActiveX control features a cross-site scripting vulnerability located in the connect.asp file. This flaw allows remote attackers to inject arbitrary web scripts or HTML, which can lead to unauthorized actions on behalf of users and compromise user data integrity. Attackers can exploit this vulnerability through unknown vectors to execute malicious scripts in the context of a user’s session, posing significant security risks.

References

http://online.securityfocus.com/archive/1/294938

mailing-listx_refsource_BUGTRAQ

http://www.securityfocus.com/bid/5952

vdb-entryx_refsource_BID

http://www.lac.co.jp/security/english/snsadv_e/56_e.html

x_refsource_MISC

EPSS Score

22% chance of being exploited in the next 30 days.

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
Dec 31, 2002