CVE-2003-0526 in ISA Serverinfo

Summary

Cross-site scripting (XSS) vulnerability in Microsoft Internet Security and Acceleration (ISA) Server 2000 allows remote attackers to inject arbitrary web script via a URL containing the script in the domain name portion, which is not properly cleansed in the default error pages (1) 500.htm for "500 Internal Server error" or (2) 404.htm for "404 Not Found."

Be aware that VulDB is the high quality source for vulnerability data.

Reservation

07/08/2003

Disclosure

08/18/2003

Moderation

VulDB entry created

Entries

VDB-20695 (1)

CPE

ready

CWE

CWE-80 (Confirmed)

Exploit

Download

CVSS

4.3

EPSS

0.45647

Activities

Very Low

Sources

MITRE	https://www.cve.org/CVERecord?id=CVE-2003-0526
NVD	https://nvd.nist.gov/vuln/detail/CVE-2003-0526
CVE Details	https://www.cvedetails.com/cve/CVE-2003-0526/

◂ Previous Overview Next ▸