CVE-2011-1264

Microsoft Windows 2003 Server - XSS

Title source: rule

Description

Cross-site scripting (XSS) vulnerability in Active Directory Certificate Services Web Enrollment in Microsoft Windows Server 2003 SP2 and Server 2008 Gold, SP2, R2, and R2 SP1 allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka "Active Directory Certificate Services Vulnerability."

References (2)

[Third Party Advisory, VDB Entry] https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12749

[Vendor Advisory] https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-051

Scores

EPSS 0.0188

EPSS Percentile 83.0%

Classification

CWE

CWE-79

Status published

Affected Products (8)

microsoft/windows_2003_server

microsoft/windows_server_2003

microsoft/windows_server_2008

n/a/n/a

Timeline

Published Jun 16, 2011

Tracked Since Feb 18, 2026