7.5

CVE-2000-0746

EPSS 18.28%
Published 20.10.2000 04:00:00
Last modified 03.04.2025 01:03:51
Source cve@mitre.org
Teams watchlist Login
Open Login

Vulnerabilities in IIS 4.0 and 5.0 do not properly protect against cross-site scripting (CSS) attacks.  They allow a malicious web site operator to embed scripts in a link to a trusted site, which are returned without quoting in an error message back to the client.  The client then executes those scripts in the same context as the trusted site, aka the "IIS Cross-Site Scripting" vulnerabilities.

Affected products Warnungen 0 Metrics 2 CWE 0 References 7

Data is provided by the National Vulnerability Database (NVD)

Microsoft ≫ Frontpage

Microsoft ≫ Internet Information Server Version4.0

Microsoft ≫ Internet Information Services Version5.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	18.28%	0.95

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P

http://www.securityfocus.com/bid/1594

Patch

Vendor Advisory

http://www.securityfocus.com/bid/1595

Patch

Vendor Advisory

http://www.securityfocus.com/templates/archive.pike?list=1&msg=39A12BD6.E811BF4F%40nat.bg

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-060

https://nvd.nist.gov/vuln/detail/CVE-2000-0746

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2000-0746

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2000-0746

EUVD