VAR-200212-0495
Vulnerability from variot - Updated: 2025-04-03 22:14Cross-site scripting (XSS) vulnerability in connect.asp in Microsoft Terminal Services Advanced Client (TSAC) ActiveX control allows remote attackers to inject arbitrary web script or HTML via unknown vectors. Microsoft TSAC Web Package and Microsoft IIS Included in the component connect.asp Is vulnerable to cross-site scripting due to improper sanitization of external input.Microsoft TSAC Web Package and Microsoft IIS 5.1 In any web Scripts and HTML May be inserted. It is an optional component that is installed by end-users. An attacker could construct a malicious link to a vulnerable host that contains arbitrary HTML and script code. If this link is visited by a web user, the attacker-supplied code will be rendered in their browser, in the security context of the vulnerable site
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200212-0495",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "tsac activex control",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "*"
},
{
"model": "tsac activex control",
"scope": null,
"trust": 0.9,
"vendor": "microsoft",
"version": null
},
{
"model": "iis",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "4.0"
},
{
"model": "iis",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "5.0"
},
{
"model": "iis",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "5.1"
},
{
"model": "windows 2000",
"scope": null,
"trust": 0.8,
"vendor": "microsoft",
"version": null
},
{
"model": "windows nt",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "4.0 (server)"
},
{
"model": "windows nt",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "4.0 (terminal_srv)"
},
{
"model": "windows xp",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "sp3"
}
],
"sources": [
{
"db": "BID",
"id": "5952"
},
{
"db": "JVNDB",
"id": "JVNDB-2002-000247"
},
{
"db": "CNNVD",
"id": "CNNVD-200212-622"
},
{
"db": "NVD",
"id": "CVE-2002-1795"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:microsoft:iis",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:microsoft:windows_2000",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:microsoft:windows_nt",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:microsoft:windows_xp",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2002-000247"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ARAI Yuu\u203b y.arai@lac.co.jp",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200212-622"
}
],
"trust": 0.6
},
"cve": "CVE-2002-1795",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CVE-2002-1795",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2002-1795",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2002-1795",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-200212-622",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2002-000247"
},
{
"db": "CNNVD",
"id": "CNNVD-200212-622"
},
{
"db": "NVD",
"id": "CVE-2002-1795"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cross-site scripting (XSS) vulnerability in connect.asp in Microsoft Terminal Services Advanced Client (TSAC) ActiveX control allows remote attackers to inject arbitrary web script or HTML via unknown vectors. Microsoft TSAC Web Package and Microsoft IIS Included in the component connect.asp Is vulnerable to cross-site scripting due to improper sanitization of external input.Microsoft TSAC Web Package and Microsoft IIS 5.1 In any web Scripts and HTML May be inserted. It is an optional component that is installed by end-users. \nAn attacker could construct a malicious link to a vulnerable host that contains arbitrary HTML and script code. If this link is visited by a web user, the attacker-supplied code will be rendered in their browser, in the security context of the vulnerable site",
"sources": [
{
"db": "NVD",
"id": "CVE-2002-1795"
},
{
"db": "JVNDB",
"id": "JVNDB-2002-000247"
},
{
"db": "BID",
"id": "5952"
}
],
"trust": 1.89
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "BID",
"id": "5952",
"trust": 2.7
},
{
"db": "NVD",
"id": "CVE-2002-1795",
"trust": 2.4
},
{
"db": "JVNDB",
"id": "JVNDB-2002-000247",
"trust": 0.8
},
{
"db": "XF",
"id": "10342",
"trust": 0.6
},
{
"db": "NSFOCUS",
"id": "3654",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-200212-622",
"trust": 0.6
}
],
"sources": [
{
"db": "BID",
"id": "5952"
},
{
"db": "JVNDB",
"id": "JVNDB-2002-000247"
},
{
"db": "CNNVD",
"id": "CNNVD-200212-622"
},
{
"db": "NVD",
"id": "CVE-2002-1795"
}
]
},
"id": "VAR-200212-0495",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 1.0
},
"last_update_date": "2025-04-03T22:14:10.351000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.microsoft.com/ja/jp/default.aspx"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2002-000247"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2002-1795"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "http://www.securityfocus.com/bid/5952"
},
{
"trust": 1.6,
"url": "http://www.iss.net/security_center/static/10342.php"
},
{
"trust": 1.0,
"url": "http://www.lac.co.jp/security/english/snsadv_e/56_e.html"
},
{
"trust": 1.0,
"url": "http://online.securityfocus.com/archive/1/294938"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2002-1795"
},
{
"trust": 0.8,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2002-1795"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/3654"
},
{
"trust": 0.3,
"url": "http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/ms02-046.asp"
}
],
"sources": [
{
"db": "BID",
"id": "5952"
},
{
"db": "JVNDB",
"id": "JVNDB-2002-000247"
},
{
"db": "CNNVD",
"id": "CNNVD-200212-622"
},
{
"db": "NVD",
"id": "CVE-2002-1795"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "BID",
"id": "5952"
},
{
"db": "JVNDB",
"id": "JVNDB-2002-000247"
},
{
"db": "CNNVD",
"id": "CNNVD-200212-622"
},
{
"db": "NVD",
"id": "CVE-2002-1795"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2002-10-11T00:00:00",
"db": "BID",
"id": "5952"
},
{
"date": "2007-04-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2002-000247"
},
{
"date": "2002-10-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200212-622"
},
{
"date": "2002-12-31T05:00:00",
"db": "NVD",
"id": "CVE-2002-1795"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2002-10-11T00:00:00",
"db": "BID",
"id": "5952"
},
{
"date": "2007-04-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2002-000247"
},
{
"date": "2005-10-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200212-622"
},
{
"date": "2025-04-03T01:03:51.193000",
"db": "NVD",
"id": "CVE-2002-1795"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200212-622"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Microsoft TSAC Web Package and Microsoft IIS Vulnerable to cross-site scripting",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2002-000247"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200212-622"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…