Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2003-0526

4 documents4 sources
Severity
6.8MEDIUM
EPSS
45.6%
top 2.38%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Microsoft ISA Server
Timeline
PublishedAug 18
Latest updateApr 29

Description

Cross-site scripting (XSS) vulnerability in Microsoft Internet Security and Acceleration (ISA) Server 2000 allows remote attackers to inject arbitrary web script via a URL containing the script in the domain name portion, which is not properly cleansed in the default error pages (1) 500.htm for "500 Internal Server error" or (2) 404.htm for "404 Not Found."

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages1 packages

🔴Vulnerability Details

2
GHSA
GHSA-xjm3-g539-hx9g: Cross-site scripting (XSS) vulnerability in Microsoft Internet Security and Acceleration (ISA) Server 2000 allows remote attackers to inject arbitrary2022-04-29
CVEList
CVE-2003-0526: Cross-site scripting (XSS) vulnerability in Microsoft Internet Security and Acceleration (ISA) Server 2000 allows remote attackers to inject arbitrary2003-07-17

💥Exploits & PoCs

1
Exploit-DB
Microsoft ISA Server 2000 - Cross-Site Scripting2003-07-16
CVE-2003-0526 (MEDIUM CVSS 6.8) | Cross-site scripting (XSS) vulnerab | cvebase.io