Cross-site Scripting Vulnerability in Microsoft ISA Server 2000
CVE-2003-0526

Currently unrated

Key Information:

Vendor: Microsoft
Status: Isa Server
Vendor: CVE Published:; 18 August 2003

What is CVE-2003-0526?

A cross-site scripting vulnerability exists in Microsoft ISA Server 2000, allowing remote attackers to inject malicious scripts through URLs that are not properly sanitized in default error pages. This includes the pages served for '500 Internal Server Error' and '404 Not Found.' Attackers can leverage this flaw to execute arbitrary web scripts in the context of a user's session, potentially leading to unauthorized actions or data exposure.

References

http://marc.info/?l=ntbugtraq&m=105838590030409&w=2

mailing-listx_refsource_NTBUGTRAQ

http://marc.info/?l=bugtraq&m=105838862201266&w=2

mailing-listx_refsource_BUGTRAQ

http://archives.neohapsis.com/archives/vulnwatch/2003-q3/...

mailing-listx_refsource_VULNWATCH

EPSS Score

52% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Aug 18, 2003
Vulnerability Reserved
Jul 8, 2003