Cross-site scripting vulnerability in Microsoft Content Management Server
CVE-2007-0939

Currently unrated

Key Information:

Vendor: Microsoft
Status: Content Management Server
Vendor: CVE Published:; 10 April 2007

Summary

This vulnerability in Microsoft Content Management Server allows attackers to exploit the system by injecting arbitrary web scripts or HTML through certain vectors related to HTML redirection queries. By leveraging this security flaw, unauthorized users can manipulate the content that is displayed on the site for visitors, potentially leading to spoofing attacks.

References

http://www.securityfocus.com/archive/1/466331/100/200/thr...

vendor-advisoryx_refsource_HP

http://www.vupen.com/english/advisories/2007/1322

vdb-entryx_refsource_VUPEN

http://www.securitytracker.com/id?1017894

vdb-entryx_refsource_SECTRACK

EPSS Score

15% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Apr 10, 2007
Vulnerability Reserved
Feb 14, 2007