CVE-2017-0055
MEDIUMMicrosoft IIS Server - Cross-Site Scripting via Crafted Request
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2017-0055. PoCs published by NetJBS.
AI-analyzed exploit summary This repository contains a functional proof-of-concept for CVE-2017-0055, a cross-site scripting (XSS) vulnerability in Microsoft IIS. The exploit leverages improper handling of UNC paths to inject malicious JavaScript code.
Description
Microsoft Internet Information Server (IIS) in Windows Vista SP2; Windows Server 2008 SP2 and R2; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote attackers to perform cross-site scripting and run script with local user privileges via a crafted request, aka "Microsoft IIS Server XSS Elevation of Privilege Vulnerability."
Exploits (1)
This repository contains a functional proof-of-concept for CVE-2017-0055, a cross-site scripting (XSS) vulnerability in Microsoft IIS. The exploit leverages improper handling of UNC paths to inject malicious JavaScript code.
References (3)
Scores
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N