First published: Wed Jul 03 2002(Updated: )
Cross-site scripting vulnerability in the SQLXML component of Microsoft SQL Server 2000 allows an attacker to execute arbitrary script via the root parameter as part of an XML SQL query, aka "Script Injection via XML Tag."
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Microsoft SQL Server | =2000-sp2 | |
Microsoft SQL Server | =2000 | |
Microsoft SQL Server | =2000-sp1 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2002-0187 is considered a moderate severity vulnerability due to its potential for cross-site scripting attacks.
To fix CVE-2002-0187, apply the latest service pack and security updates for Microsoft SQL Server 2000.
CVE-2002-0187 affects Microsoft SQL Server 2000, specifically versions 2000, 2000 SP1, and 2000 SP2.
CVE-2002-0187 allows attackers to execute arbitrary scripts via cross-site scripting through XML SQL queries.
Yes, CVE-2002-0187 can be easily exploited if the application does not properly sanitize input parameters.