7.5

CVE-2000-0746

EPSS 18.28%
Veröffentlicht 20.10.2000 04:00:00
Zuletzt bearbeitet 03.04.2025 01:03:51
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

Vulnerabilities in IIS 4.0 and 5.0 do not properly protect against cross-site scripting (CSS) attacks.  They allow a malicious web site operator to embed scripts in a link to a trusted site, which are returned without quoting in an error message back to the client.  The client then executes those scripts in the same context as the trusted site, aka the "IIS Cross-Site Scripting" vulnerabilities.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 0 Referenzen 7

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Microsoft ≫ Frontpage

Microsoft ≫ Internet Information Server Version4.0

Microsoft ≫ Internet Information Services Version5.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	18.28%	0.95

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P

http://www.securityfocus.com/bid/1594

Patch

Vendor Advisory

http://www.securityfocus.com/bid/1595

Patch

Vendor Advisory

http://www.securityfocus.com/templates/archive.pike?list=1&msg=39A12BD6.E811BF4F%40nat.bg

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-060

https://nvd.nist.gov/vuln/detail/CVE-2000-0746

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2000-0746

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2000-0746

EUVD