Cross-site scripting (XSS) vulnerability in the GetServerName function in sysinfo/commonFunc.js in Microsoft Windows Help and Support Center for Windows XP and Windows Server 2003 allows remote attackers to inject arbitrary web script or HTML via the svr parameter to sysinfo/sysinfomain.htm. NOTE: this can be leveraged with CVE-2010-1885 to execute arbitrary commands without user interaction.
2010-06-15T14:04:24.360
2025-04-11T00:51:21.963
Deferred
CVSSv2: 4.3 (MEDIUM)
AV:N/AC:M/Au:N/C:N/I:P/A:N
8.6
2.9
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Operating System | microsoft | windows_2003_server | * | Yes |
| Operating System | microsoft | windows_2003_server | * | Yes |
| Operating System | microsoft | windows_server_2003 | * | Yes |
| Operating System | microsoft | windows_xp | * | Yes |
| Operating System | microsoft | windows_xp | * | Yes |
| Operating System | microsoft | windows_xp | - | Yes |