CVE-2000-0746

Currently unrated

Key Information:

Vendor: Microsoft
Status: Internet Information Services; Internet Information Server; Frontpage
Vendor: CVE Published:; 20 October 2000

Summary

Vulnerabilities in IIS 4.0 and 5.0 do not properly protect against cross-site scripting (CSS) attacks. They allow a malicious web site operator to embed scripts in a link to a trusted site, which are returned without quoting in an error message back to the client. The client then executes those scripts in the same context as the trusted site, aka the "IIS Cross-Site Scripting" vulnerabilities.

References

http://www.securityfocus.com/templates/archive.pike?list=...

mailing-listx_refsource_BUGTRAQ

http://www.securityfocus.com/bid/1594

vdb-entryx_refsource_BID

http://www.securityfocus.com/bid/1595

vdb-entryx_refsource_BID

Timeline

Vulnerability published
Oct 20, 2000
Vulnerability Reserved
Sep 19, 2000

Collectors

NVD DatabaseMitre Database