CVE-2002-2073

Currently unrated

Key Information:

Vendor: Microsoft
Status: Site Server; Site Server Commerce
Vendor: CVE Published:; 31 December 2002

Summary

Cross-site scripting (XSS) vulnerability in the default ASP pages on Microsoft Site Server 3.0 on Windows NT 4.0 allows remote attackers to inject arbitrary web script or HTML via the (1) ctr parameter in Default.asp and (2) the query string to formslogin.asp.

References

http://marc.info/?l=vulnwatch&m=101235440104716&w=2

mailing-listx_refsource_VULNWATCH

http://www.iss.net/security_center/static/8050.php

vdb-entryx_refsource_XF

http://www.securityfocus.com/bid/3999

vdb-entryx_refsource_BID

EPSS Score

5% chance of being exploited in the next 30 days.

Timeline

Vulnerability Reserved
Jul 14, 2005
Vulnerability published
Dec 31, 2002

Collectors

NVD DatabaseMitre Database