Vulnerabilities > CVE-2003-0526 - Unspecified vulnerability in Microsoft ISA Server 2000

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN
microsoft
exploit available
NVD
Published: 2003-08-18
Updated: 2024-11-20

Summary

Cross-site scripting (XSS) vulnerability in Microsoft Internet Security and Acceleration (ISA) Server 2000 allows remote attackers to inject arbitrary web script via a URL containing the script in the domain name portion, which is not properly cleansed in the default error pages (1) 500.htm for "500 Internal Server error" or (2) 404.htm for "404 Not Found."

Vulnerable Configurations

Part Description Count
Application
Microsoft
3

Exploit-Db

descriptionMicrosoft ISA Server 2000 Cross-Site Scripting Vulnerabilities. CVE-2003-0526. Remote exploit for windows platform
idEDB-ID:22919
last seen2016-02-02
modified2003-07-16
published2003-07-16
reporterBrett Moore
sourcehttps://www.exploit-db.com/download/22919/
titleMicrosoft ISA Server 2000 - Cross-Site Scripting Vulnerabilities

Oval

accepted2011-04-25T04:00:04.930-04:00
classvulnerability
contributors
  • nameTiffany Bergeron
    organizationThe MITRE Corporation
  • nameJeff Cheng
    organizationOpsware, Inc.
  • nameAkihito Nakamura
    organizationAIST
descriptionCross-site scripting (XSS) vulnerability in Microsoft Internet Security and Acceleration (ISA) Server 2000 allows remote attackers to inject arbitrary web script via a URL containing the script in the domain name portion, which is not properly cleansed in the default error pages (1) 500.htm for "500 Internal Server error" or (2) 404.htm for "404 Not Found."
familywindows
idoval:org.mitre.oval:def:117
statusaccepted
submitted2003-10-03T12:00:00.000-04:00
titleMicrosoft ISA Server Cross-Site Scripting
version5

References