CVE-2002-2073

Published: Dec 31, 2002Modified: Apr 16, 2026

4.3

Vector

AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability: 8.6 / Impact: 2.9

Source: NVD

Description

Cross-site scripting (XSS) vulnerability in the default ASP pages on Microsoft Site Server 3.0 on Windows NT 4.0 allows remote attackers to inject arbitrary web script or HTML via the (1) ctr parameter in Default.asp and (2) the query string to formslogin.asp.

Affected (3)

Products: Microsoft: Site Server, Site Server Commerce, Windows Nt

3 products

Site Server Commerce

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Microsoft Site Server	Version 3.0
Microsoft Site Server Commerce	Version 3.0

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Microsoft Windows Nt	Version 4.0

References (6)

http://marc.info/?l=vulnwatch&m=101235440104716&w=2

Source: cve@mitre.org

http://www.iss.net/security_center/static/8050.php

Source: cve@mitre.org

http://www.securityfocus.com/bid/3999

Source: cve@mitre.org

ExploitVendor Advisory

http://marc.info/?l=vulnwatch&m=101235440104716&w=2

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.iss.net/security_center/static/8050.php

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/3999

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitVendor Advisory

Timeline

No history available yet.