CVE-2004-1133
medium
Microsoft CVSS v3 Base Score
6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P
EPSS Score
13.9%
Exploitation probability in 30 days
Top 6% most likely to be exploited
Attack Characteristics
Attack Vector
Network
Attack Complexity
M
Confidentiality
P
Integrity
P
Availability
P
Published: January 10, 2005 (7794 days ago)
Last Modified: April 16, 2026
Vendor: Microsoft
Source: NVD
Vulnerability Report
Generated by CyberWatcher
Description
Multiple cross-site scripting (XSS) vulnerabilities in Microsoft W3Who ISAPI (w3who.dll) allow remote attackers to inject arbitrary HTML and web script via (1) HTTP headers such as "Connection" or (2) invalid parameters whose values are echoed in the resulting error message.
CWE
NVD-CWE-OtherAffected Products
microsoft w3who.dll