Vulnerability Description
Cross-site scripting vulnerability in the SQLXML component of Microsoft SQL Server 2000 allows an attacker to execute arbitrary script via the root parameter as part of an XML SQL query, aka "Script Injection via XML Tag."
CVSS Score
7.5
HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Microsoft | Sql Server | 2000 |
References
- http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0100.htmlPatchVendor Advisory
- http://marc.info/?l=bugtraq&m=102397345410856&w=2
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-03
- http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0100.htmlPatchVendor Advisory
- http://marc.info/?l=bugtraq&m=102397345410856&w=2
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-03
FAQ
What is CVE-2002-0187?
CVE-2002-0187 is a vulnerability with a CVSS score of 7.5 (HIGH). Cross-site scripting vulnerability in the SQLXML component of Microsoft SQL Server 2000 allows an attacker to execute arbitrary script via the root parameter as part of an XML SQL query, aka "Script I...
How severe is CVE-2002-0187?
CVE-2002-0187 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2002-0187?
Check the references section above for vendor advisories and patch information. Affected products include: Microsoft Sql Server.