CVE-2001-0658

medium

Description

Cross-site scripting (CSS) vulnerability in Microsoft Internet Security and Acceleration (ISA) Server 2000 allows remote attackers to cause other clients to execute certain script or read cookies via malicious script in an invalid URL that is not properly quoted in an error message.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/6991

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-045

http://www.securityfocus.com/bid/3198

Details

Source: Mitre, NVD

Published: 2001-09-20

Updated: 2026-06-16

Risk Information

CVSS v2

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Severity: High

CVSS v3

Base Score: 6.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Severity: Medium

EPSS

EPSS: 0.11669