CVE-2011-1264

CVE Database · CVE-2011-1264

CVE-2011-1264

· N/AModified

CVSS v3.1

N/A

EPSS

5.15%

Published

Jun 16, 2011

Modified

Apr 28, 2026

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

Cross-site scripting (XSS) vulnerability in Active Directory Certificate Services Web Enrollment in Microsoft Windows Server 2003 SP2 and Server 2008 Gold, SP2, R2, and R2 SP1 allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka "Active Directory Certificate Services Vulnerability."

Weaknesses (CWE)

CWE-79

Affected Products (7)

microsoft · windows_2003_servervulnerable

microsoft · windows_server_2003vulnerable

microsoft · windows_server_2008vulnerable

References (4)

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-051

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12749

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-051

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12749

KEV Catalog EPSS Scores Vendors All CVEs