CVE-2002-0187

Name of the Vulnerable Software and Affected Versions Microsoft SQL Server 2000

Description A cross-site scripting issue exists in the SQLXML component, allowing an attacker to execute arbitrary script via the root parameter as part of an XML SQL query.

Recommendations For Microsoft SQL Server 2000, consider restricting access to the SQLXML component to minimize the risk of exploitation. Avoid using the root parameter in XML SQL queries until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.