Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2002-2073

4 documents4 sources
Severity
4.3MEDIUM
EPSS
3.2%
top 13.07%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
3
Microsoft Site ServerMicrosoft Site Server CommerceMicrosoft Windows NT
Timeline
PublishedDec 31
Latest updateApr 30

Description

Cross-site scripting (XSS) vulnerability in the default ASP pages on Microsoft Site Server 3.0 on Windows NT 4.0 allows remote attackers to inject arbitrary web script or HTML via the (1) ctr parameter in Default.asp and (2) the query string to formslogin.asp.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages3 packages

🔴Vulnerability Details

2
GHSA
GHSA-33j6-jcch-j278: Cross-site scripting (XSS) vulnerability in the default ASP pages on Microsoft Site Server 32022-04-30
CVEList
CVE-2002-2073: Cross-site scripting (XSS) vulnerability in the default ASP pages on Microsoft Site Server 32005-07-14

💥Exploits & PoCs

1
Exploit-DB
Microsoft Site Server 3.0 - Cross-Site Scripting2002-01-29
CVE-2002-2073 (MEDIUM CVSS 4.3) | Cross-site scripting (XSS) vulnerab | cvebase.io