Synced 16 Jun 2026 15:24 UTC Account
← All products

CVE-2002-0187

HIGH severity · CVSS 7.5
7.5CVSS HIGH

Summary

Cross-site scripting vulnerability in the SQLXML component of Microsoft SQL Server 2000 allows an attacker to execute arbitrary script via the root parameter as part of an XML SQL query, aka "Script Injection via XML Tag."

Impact & exploitability

Attack vectorNetwork
Attack complexityLow
Privileges required
User interaction
Confidentiality impact
Integrity impact
Availability impact
Exploit probability (EPSS)14%

AV:N/AC:L/Au:N/C:P/I:P/A:P

Affected products we track (1)

Microsoft SQL Server

Recommendation

Apply the vendor fix promptly. Open any affected product above for its exact safe version.

Official patch: http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0100.html ↗

Additional information