Vulnerabilities > CVE-2003-0526 - Unspecified vulnerability in Microsoft ISA Server 2000

047910
CVSS 6.8 - MEDIUM
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
microsoft
exploit available
NVD
Published: 2003-08-18
Updated: 2018-10-12

Summary

Cross-site scripting (XSS) vulnerability in Microsoft Internet Security and Acceleration (ISA) Server 2000 allows remote attackers to inject arbitrary web script via a URL containing the script in the domain name portion, which is not properly cleansed in the default error pages (1) 500.htm for "500 Internal Server error" or (2) 404.htm for "404 Not Found."

Vulnerable Configurations

Part Description Count
Application
Microsoft
3

Exploit-Db

descriptionMicrosoft ISA Server 2000 Cross-Site Scripting Vulnerabilities. CVE-2003-0526. Remote exploit for windows platform
idEDB-ID:22919
last seen2016-02-02
modified2003-07-16
published2003-07-16
reporterBrett Moore
sourcehttps://www.exploit-db.com/download/22919/
titleMicrosoft ISA Server 2000 - Cross-Site Scripting Vulnerabilities

Oval

accepted2011-04-25T04:00:04.930-04:00
classvulnerability
contributors
  • nameTiffany Bergeron
    organizationThe MITRE Corporation
  • nameJeff Cheng
    organizationOpsware, Inc.
  • nameAkihito Nakamura
    organizationAIST
descriptionCross-site scripting (XSS) vulnerability in Microsoft Internet Security and Acceleration (ISA) Server 2000 allows remote attackers to inject arbitrary web script via a URL containing the script in the domain name portion, which is not properly cleansed in the default error pages (1) 500.htm for "500 Internal Server error" or (2) 404.htm for "404 Not Found."
familywindows
idoval:org.mitre.oval:def:117
statusaccepted
submitted2003-10-03T12:00:00.000-04:00
titleMicrosoft ISA Server Cross-Site Scripting
version5

References