CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2004-1133

Multiple cross-site scripting (XSS) vulnerabilities in Microsoft W3Who ISAPI (w3who.dll) allow remote attackers to inject arbitrary HTML and web script via (1) HTTP headers such as "Connection" or (2) invalid parameters whose values are echoed in the resulting error message.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.139

EPSS Ranking 94.0%

CVSS Severity

CVSS v2 Score 6.8

References

http://marc.info/?l=full-disclosure&m=110234486823233&w=2
http://www.exaprobe.com/labs/advisories/esa-2004-1206.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/18375
http://marc.info/?l=full-disclosure&m=110234486823233&w=2
http://www.exaprobe.com/labs/advisories/esa-2004-1206.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/18375

Products affected by CVE-2004-1133

Microsoft » W3who.dll » Version: Any

cpe:2.3:a:microsoft:w3who.dll:*

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2004-1133

Products

Pricing

Contact Us