Vulnerability Name: CVE-2003-0526 (CCN-12627)
Assigned: 2003-07-16
Published: 2003-07-16
Updated: 2018-10-12
Summary: Cross-site scripting (XSS) vulnerability in Microsoft Internet Security and Acceleration (ISA) Server 2000 allows remote attackers to inject arbitrary web script via a URL containing the script in the domain name portion, which is not properly cleansed in the default error pages (1) 500.htm for "500 Internal Server error" or (2) 404.htm for "404 Not Found."
CVSS v3 Severity:
    5.6 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L)
CVSS v2 Severity:
    6.8 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P)
    5.0 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
    3.8 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
Vulnerability Type: CWE-Other
Vulnerability Consequences: Gain Access
References:
    Source: VULNWATCH Type: Vendor Advisory 20030716 ISA Server - Error Page Cross Site Scripting
    Source: VULNWATCH Type: UNKNOWN 20030716 Microsoft ISA Server HTTP error handler XSS (TL#007)
    Source: MITRE Type: CNA CVE-2003-0526
    Source: BUGTRAQ Type: UNKNOWN 20030716 Microsoft ISA Server HTTP error handler XSS (TL#007)
    Source: BUGTRAQ Type: UNKNOWN 20030716 ISA Server - Error Page Cross Site Scripting
    Source: NTBUGTRAQ Type: UNKNOWN 20030716 Microsoft ISA Server HTTP error handler XSS (TL#007)
    Source: MISC Type: UNKNOWN http://pivx.com/larholm/adv/TL006
    Source: CCN Type: CIAC Information Bulletin N-119 Microsoft Internet Security and Acceleration (ISA) Server Error Pages Could Allow Cross-Site Scripting Attack
    Source: CCN Type: Microsoft Security Bulletin MS03-028 Flaw in ISA Server Error Pages Could Allow Cross-Site Scripting Attack (816456)
    Source: CCN Type: OSVDB ID: 2298 Microsoft ISA Server Error Page XSS
    Source: CCN Type: OSVDB ID: 2320 Microsoft ISA Server HTTP Error Handler XSS
    Source: CCN Type: BID-8207 Microsoft ISA Server Cross-Site Scripting Vulnerabilities
    Source: MS Type: UNKNOWN MS03-028
    Source: XF Type: UNKNOWN isa-homepage-error-xss(12627)
    Source: OVAL Type: UNKNOWN oval:org.mitre.oval:def:117
Vulnerable Configuration: Configuration 1: Configuration CCN 1: Denotes that component is vulnerable