Vulnerability Details CVE-2002-0074
Cross-site scripting vulnerability in Help File search facility for Internet Information Server (IIS) 4.0, 5.0 and 5.1 allows remote attackers to embed scripts into another user's session.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.676
EPSS Ranking 98.5%
CVSS Severity
CVSS v2 Score 7.5
References
- http://seclists.org/bugtraq/2002/Apr/0126.html
- http://www.cert.org/advisories/CA-2002-09.html
- http://www.cgisecurity.com/advisory/9.txt
- http://www.cisco.com/warp/public/707/Microsoft-IIS-vulnerabilities-MS02-018.shtml
- http://www.iss.net/security_center/static/8802.php
- http://www.kb.cert.org/vuls/id/883091
- http://www.osvdb.org/3338
- http://www.securityfocus.com/bid/4483
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-018
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A46
- http://seclists.org/bugtraq/2002/Apr/0126.html
- http://www.cert.org/advisories/CA-2002-09.html
- http://www.cgisecurity.com/advisory/9.txt
- http://www.cisco.com/warp/public/707/Microsoft-IIS-vulnerabilities-MS02-018.shtml
- http://www.iss.net/security_center/static/8802.php
- http://www.kb.cert.org/vuls/id/883091
- http://www.osvdb.org/3338
- http://www.securityfocus.com/bid/4483
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-018
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A46
Products affected by CVE-2002-0074
-
cpe:2.3:a:microsoft:internet_information_server:4.0
-
cpe:2.3:a:microsoft:internet_information_services:5.0