ID

VAR-200101-0078


CVE

CVE-2000-1104


TITLE

MS:MS00-060 (CVE-2000-0746) variant "IIS Cross-site scripting " Vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-200101-053

DESCRIPTION

Variant of the "IIS Cross-Site Scripting" vulnerability as originally discussed in MS:MS00-060 (CVE-2000-0746) allows a malicious web site operator to embed scripts in a link to a trusted site, which are returned without quoting in an error message back to the client. The client then executes those scripts in the same context as the trusted site. IIS Far East Edition is prone to a cross-site scripting vulnerability

Trust: 1.17

sources: NVD: CVE-2000-1104 // BID: 83024

AFFECTED PRODUCTS

vendor:microsoftmodel:internet information serverscope:eqversion:4.0

Trust: 1.6

vendor:microsoftmodel:internet information servicesscope:eqversion:5.0

Trust: 1.6

vendor:microsoftmodel:internet information serverscope:eqversion:5.0

Trust: 0.6

vendor:microsoftmodel:iisscope:eqversion:4.0

Trust: 0.3

sources: BID: 83024 // CNNVD: CNNVD-200101-053 // NVD: CVE-2000-1104

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2000-1104
value: HIGH

Trust: 1.0

CNNVD: CNNVD-200101-053
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2000-1104
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

sources: CNNVD: CNNVD-200101-053 // NVD: CVE-2000-1104

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2000-1104

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200101-053

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-200101-053

EXTERNAL IDS

db:NVDid:CVE-2000-1104

Trust: 1.9

db:MSid:MS00-060

Trust: 0.6

db:CNNVDid:CNNVD-200101-053

Trust: 0.6

db:BIDid:83024

Trust: 0.3

sources: BID: 83024 // CNNVD: CNNVD-200101-053 // NVD: CVE-2000-1104

REFERENCES

url:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-060

Trust: 1.0

url:http://www.microsoft.com/technet/security/bulletin/ms00-060.asp

Trust: 0.9

sources: BID: 83024 // CNNVD: CNNVD-200101-053 // NVD: CVE-2000-1104

CREDITS

Unknown

Trust: 0.3

sources: BID: 83024

SOURCES

db:BIDid:83024
db:CNNVDid:CNNVD-200101-053
db:NVDid:CVE-2000-1104

LAST UPDATE DATE

2024-08-14T14:42:26.733000+00:00


SOURCES UPDATE DATE

db:BIDid:83024date:2001-01-09T00:00:00
db:CNNVDid:CNNVD-200101-053date:2005-10-31T00:00:00
db:NVDid:CVE-2000-1104date:2018-10-30T16:25:10.357

SOURCES RELEASE DATE

db:BIDid:83024date:2001-01-09T00:00:00
db:CNNVDid:CNNVD-200101-053date:2001-01-09T00:00:00
db:NVDid:CVE-2000-1104date:2001-01-09T05:00:00