CVE-2002-0187

Microsoft Sql Server - XSS

Title source: rule

Description

Cross-site scripting vulnerability in the SQLXML component of Microsoft SQL Server 2000 allows an attacker to execute arbitrary script via the root parameter as part of an XML SQL query, aka "Script Injection via XML Tag."

Exploits (1)

exploitdb WORKING POC VERIFIED

by Matt Moore · textremotewindows

https://www.exploit-db.com/exploits/21541

View Code ZIP pw:eip

References (3)

Core 3

Core References

Patch, Vendor Advisory mailing-list x_refsource_vulnwatch

http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0100.html

Vendor Advisory vendor-advisory x_refsource_ms

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-030

Mailing List mailing-list x_refsource_bugtraq

http://marc.info/?l=bugtraq&m=102397345410856&w=2

Scores

EPSS 0.1488

EPSS Percentile 94.6%

Details

Status published

Products (1)

microsoft/sql_server 2000 (3 CPE variants)

Published Jul 03, 2002

Tracked Since Feb 18, 2026