Last Modified: Oct. 18, 2016
Cross-site scripting (XSS) vulnerability in the default ASP pages on Microsoft Site Server 3.0 on Windows NT 4.0 allows remote attackers to inject arbitrary web script or HTML via the (1) ctr parameter in Default.asp and (2) the query string to formslogin.asp.
Access Vector: Network
Access Complexity: Medium
Authentication: None
Confidentiality Impact: None
Integrity Impact: Partial
Availability Impact: None
Base Score: 4.3
Exploitability Score: 8.6
Impact Score: 2.9
CVSS V2: AV:N/AC:M/Au:N/C:N/I:P/A:N
NVD-CWE-Other
| Condition | Configuration | |
|---|---|---|
| OR | ||
| OR | ||
| cpe:2.3:a:microsoft:site_server:3.0:*:*:*:*:*:*:* Part: a Vendor: microsoft | Alle Schwachstellen für microsoft | |
| cpe:2.3:a:microsoft:site_server_commerce:3.0:*:*:*:*:*:*:* Part: a Vendor: microsoft | Alle Schwachstellen für microsoft | |
| Condition | Configuration | |
|---|---|---|
| OR | ||
| OR | ||
| cpe:2.3:o:microsoft:windows_nt:4.0:*:*:*:*:*:*:* Part: o Vendor: microsoft | Alle Schwachstellen für microsoft | |
<?xml version="1.0" ?>
<set operator="and">
<set operator="or">
<set operator="or">
<prop key="application" value="cpe:2.3:a:microsoft:site_server:3.0:*:*:*:*:*:*:*"/>
<prop key="application" value="cpe:2.3:a:microsoft:site_server_commerce:3.0:*:*:*:*:*:*:*"/>
</set>
<set operator="or">
<prop key="operating_system" value="cpe:2.3:o:microsoft:windows_nt:4.0:*:*:*:*:*:*:*"/>
</set>
</set>
<prop key="program_influence" value="input"/>
<prop key="range" value="remote"/>
</set>
<?xml version="1.0" ?>
<set operator="and">
<prop key="target" value="host"/>
<set operator="or">
<prop key="program_influence" value="input"/>
<prop key="program_influence" value="output"/>
<prop key="program_influence" value="existence"/>
</set>
<prop key="data" value="any"/>
<set operator="or">
<prop key="data_influence" value="write"/>
<prop key="data_influence" value="delete"/>
</set>
<set operator="or">
<prop key="range" value="remote"/>
<prop key="range" value="local"/>
</set>
</set>