CVE-2004-1133

CVE Database · CVE-2004-1133

CVE-2004-1133

· N/AModified

CVSS v3.1

N/A

EPSS

9.81%

Published

Jan 10, 2005

Modified

Apr 15, 2026

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

Multiple cross-site scripting (XSS) vulnerabilities in Microsoft W3Who ISAPI (w3who.dll) allow remote attackers to inject arbitrary HTML and web script via (1) HTTP headers such as "Connection" or (2) invalid parameters whose values are echoed in the resulting error message.

Affected Products (1)

microsoft · w3who.dllvulnerable

References (6)

http://marc.info/?l=full-disclosure&m=110234486823233&w=2

http://www.exaprobe.com/labs/advisories/esa-2004-1206.html

https://exchange.xforce.ibmcloud.com/vulnerabilities/18375

http://marc.info/?l=full-disclosure&m=110234486823233&w=2

http://www.exaprobe.com/labs/advisories/esa-2004-1206.html

https://exchange.xforce.ibmcloud.com/vulnerabilities/18375

KEV Catalog EPSS Scores Vendors All CVEs