Vulnerability in N/a

CVE-2002-0074

Cross-site scripting vulnerability in Help File search facility for Internet Information Server (IIS) 4.0, 5.0 and 5.1 allows remote attackers to embed scripts into another user's session.

EPSS: 0.696 (98.7th percentile) — read the EPSS interpretation.

Affected products

N/a — versions n/a

References

20020410 Cgisecurity Advisory #9: Novell Websearch, and Microsoft IIS XSS Issues (mailing-list, x_refsource_BUGTRAQ)
VU#883091 (x_refsource_CERT-VN, third-party-advisory)
4483 (vdb-entry, x_refsource_BID)
www.cgisecurity.com/advisory/9.txt (x_refsource_MISC)
oval:org.mitre.oval:def:46 (signature, x_refsource_OVAL, vdb-entry)
3338 (x_refsource_OSVDB, vdb-entry)
MS02-018 (x_refsource_MS, vendor-advisory)
CA-2002-09 (x_refsource_CERT, third-party-advisory)
iis-help-file-css(8802) (vdb-entry, x_refsource_XF)
20020415 Microsoft IIS Vulnerabilities in Cisco Products - MS02-018 (x_refsource_CISCO, vendor-advisory)