Back to search
CVE-2003-0526
Published: Jul 17, 2003
Modified: Aug 8, 2024
PUBLISHED
Description
Cross-site scripting (XSS) vulnerability in Microsoft Internet Security and Acceleration (ISA) Server 2000 allows remote attackers to inject arbitrary web script via a URL containing the script in the domain name portion, which is not properly cleansed in the default error pages (1) 500.htm for "500 Internal Server error" or (2) 404.htm for "404 Not Found."
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
20030716 Microsoft ISA Server HTTP error handler XSS (TL#007)
mailing-list
x_refsource_NTBUGTRAQ
20030716 ISA Server - Error Page Cross Site Scripting
mailing-list
x_refsource_BUGTRAQ
20030716 Microsoft ISA Server HTTP error handler XSS (TL#007)
mailing-list
x_refsource_VULNWATCH
oval:org.mitre.oval:def:117
vdb-entry
signature
x_refsource_OVAL
MS03-028
vendor-advisory
x_refsource_MS
20030716 ISA Server - Error Page Cross Site Scripting
mailing-list
x_refsource_VULNWATCH
20030716 Microsoft ISA Server HTTP error handler XSS (TL#007)
mailing-list
x_refsource_BUGTRAQ
http://pivx.com/larholm/adv/TL006
x_refsource_MISC
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now