CVE-2006-0032
Description
Cross-site scripting (XSS) vulnerability in the Indexing Service in Microsoft Windows 2000, XP, and Server 2003, when the Encoding option is set to Auto Select, allows remote attackers to inject arbitrary web script or HTML via a UTF-7 encoded URL, which is injected into an error message whose charset is set to UTF-7.
Risk Information
Base Score
8.1
MODERATE
Vector
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
EPSS Score
Exploitation Probability
70.55
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Security Update for Windows 2000 (KB920685) | Windows |
| Security Update for Windows XP (KB920685) x86 based systems for SP1 | Windows |
| Security Update for Windows XP (KB920685) x86 based systems for SP2 | Windows |
| Security Update for Windows Server 2003 (KB920685) x86 based systems | Windows |
| Security Update for Windows Server 2003 (KB920685) x86 based systems for SP1 | Windows |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234