CVE-2002-0148

Microsoft Internet Information Server - XSS

Title source: rule

Description

Cross-site scripting vulnerability in Internet Information Server (IIS) 4.0, 5.0 and 5.1 allows remote attackers to execute arbitrary script as other users via an HTTP error page.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Thor Larholm · textremotewindows

https://www.exploit-db.com/exploits/21372

View Code ZIP pw:eip

References (9)

[US Government Resource] http://www.cert.org/advisories/CA-2002-09.html

[Vendor Advisory] http://www.cisco.com/warp/public/707/Microsoft-IIS-vulnerabilities-MS02-018.shtml

[Third Party Advisory] http://www.iss.net/security_center/static/8803.php

[US Government Resource] http://www.kb.cert.org/vuls/id/886699

[Third Party Advisory, VDB Entry] http://www.osvdb.org/3339

[Vendor Advisory] https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-018

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/4486

[Third Party Advisory, VDB Entry] https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A81

[Third Party Advisory, VDB Entry] https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A92

Scores

EPSS 0.7417

EPSS Percentile 98.9%

Details

Status published

Products (2)

microsoft/internet_information_server 4.0

microsoft/internet_information_services 5.0

Published Apr 22, 2002

Tracked Since Feb 18, 2026