Vulnerability in N/a
CVE-2002-0075
Cross-site scripting vulnerability for Internet Information Server (IIS) 4.0, 5.0 and 5.1 allows remote attackers to execute arbitrary script as other web users via the error message used in a URL redirect (""302 Object Moved") message.
EPSS: 0.696 (98.7th percentile) — read the EPSS interpretation.
Affected products
- N/a — versions n/a
References
- 20020411 [SNS Advisory No.49] A Possibility of Internet Information Server/Services Cross Site Scripting (mailing-list, x_refsource_BUGTRAQ)
- 4487 (vdb-entry, x_refsource_BID)
- 3341 (x_refsource_OSVDB, vdb-entry)
- MS02-018 (x_refsource_MS, vendor-advisory)
- iis-redirected-url-error-css(8804) (vdb-entry, x_refsource_XF)
- oval:org.mitre.oval:def:58 (signature, x_refsource_OVAL, vdb-entry)
- CA-2002-09 (x_refsource_CERT, third-party-advisory)
- VU#520707 (x_refsource_CERT-VN, third-party-advisory)
- oval:org.mitre.oval:def:210 (signature, x_refsource_OVAL, vdb-entry)
- 20020415 Microsoft IIS Vulnerabilities in Cisco Products - MS02-018 (x_refsource_CISCO, vendor-advisory)