Cross-Site Scripting Vulnerability in Microsoft Site Server 3.0
CVE-2002-2073

Currently unrated

Key Information:

Vendor: Microsoft
Status: Site Server; Site Server Commerce
Vendor: CVE Published:; 31 December 2002

Summary

Microsoft Site Server 3.0 on Windows NT 4.0 is susceptible to a cross-site scripting (XSS) vulnerability caused by improper validation of input on the default ASP pages. This flaw allows remote attackers to inject arbitrary web scripts or HTML through the 'ctr' parameter in Default.asp and the query string of formslogin.asp. Exploiting this vulnerability can lead to the execution of malicious scripts in a user's browser, potentially compromising sensitive information and session tokens.

References

http://marc.info/?l=vulnwatch&m=101235440104716&w=2

mailing-listx_refsource_VULNWATCH

http://www.iss.net/security_center/static/8050.php

vdb-entryx_refsource_XF

http://www.securityfocus.com/bid/3999

vdb-entryx_refsource_BID

Timeline

Vulnerability Reserved
Jul 14, 2005
Vulnerability published
Dec 31, 2002