Cross-Site Scripting Vulnerability in IIS by Microsoft
CVE-2000-0746

Currently unrated

Key Information:

Vendor: Microsoft
Status: Internet Information Services; Internet Information Server; Frontpage
Vendor: CVE Published:; 20 October 2000

Summary

Vulnerabilities in Internet Information Services (IIS) 4.0 and 5.0 expose users to cross-site scripting attacks. These flaws allow malicious web operators to insert scripts into links pointing to trusted sites. When error messages are returned to clients, these scripts are executed in the context of the trusted site, facilitating potential data theft or session hijacking. This breach of security highlights the need for web administrators to implement stringent validation and sanitization of user input and error handling to mitigate the risks associated with cross-site scripting exploits.

References

http://www.securityfocus.com/templates/archive.pike?list=...

mailing-listx_refsource_BUGTRAQ

http://www.securityfocus.com/bid/1594

vdb-entryx_refsource_BID

http://www.securityfocus.com/bid/1595

vdb-entryx_refsource_BID

EPSS Score

18% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Oct 20, 2000
Vulnerability Reserved
Sep 19, 2000