CVE-2002-0187
First published: Wed Jul 03 2002(Updated: )
Cross-site scripting vulnerability in the SQLXML component of Microsoft SQL Server 2000 allows an attacker to execute arbitrary script via the root parameter as part of an XML SQL query, aka "Script Injection via XML Tag."
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Microsoft SQL Server | =2000-sp2 | |
| Microsoft SQL Server | =2000 | |
| Microsoft SQL Server | =2000-sp1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2002-0187?
CVE-2002-0187 is considered a moderate severity vulnerability due to its potential for cross-site scripting attacks.
How do I fix CVE-2002-0187?
To fix CVE-2002-0187, apply the latest service pack and security updates for Microsoft SQL Server 2000.
What versions of SQL Server are affected by CVE-2002-0187?
CVE-2002-0187 affects Microsoft SQL Server 2000, specifically versions 2000, 2000 SP1, and 2000 SP2.
What kind of attack does CVE-2002-0187 allow?
CVE-2002-0187 allows attackers to execute arbitrary scripts via cross-site scripting through XML SQL queries.
Is CVE-2002-0187 easily exploitable?
Yes, CVE-2002-0187 can be easily exploited if the application does not properly sanitize input parameters.
- agent/type
- agent/softwarecombine
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/last-modified-date
- agent/severity
- agent/references
- agent/author
- agent/remedy
- agent/description
- agent/event
- agent/source
- agent/tags
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/microsoft
- canonical/microsoft sql server
- version/microsoft sql server/2000-sp2
- version/microsoft sql server/2000
- version/microsoft sql server/2000-sp1