Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2002-0187 — Cross-site Scripting in Microsoft SQL Server

4 documents4 sources

Severity

7.5HIGHNVD

EPSS

14.9%

top 5.45%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Microsoft SQL Server

Timeline

PublishedJul 3

Latest updateApr 30

Description

Cross-site scripting vulnerability in the SQLXML component of Microsoft SQL Server 2000 allows an attacker to execute arbitrary script via the root parameter as part of an XML SQL query, aka "Script Injection via XML Tag."

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages1 packages

▶NVDmicrosoft/sql_server2000

Patches

Patch: archives.neohapsis.com ↗Patch: archives.neohapsis.com ↗

🔴Vulnerability Details

GHSA

GHSA-vg32-84gw-2fph: Cross-site scripting vulnerability in the SQLXML component of Microsoft SQL Server 2000 allows an attacker to execute arbitrary script via the root pa↗2022-04-30

▶

CVEList

CVE-2002-0187: Cross-site scripting vulnerability in the SQLXML component of Microsoft SQL Server 2000 allows an attacker to execute arbitrary script via the root pa↗2003-04-02

▶

💥Exploits & PoCs

Exploit-DB

Microsoft SQL Server 2000 - SQLXML Script Injection↗2002-06-12

▶