Back to search
CVE-2000-0746
Published: Sep 21, 2000
Modified: Aug 8, 2024
PUBLISHED
Description
Vulnerabilities in IIS 4.0 and 5.0 do not properly protect against cross-site scripting (CSS) attacks. They allow a malicious web site operator to embed scripts in a link to a trusted site, which are returned without quoting in an error message back to the client. The client then executes those scripts in the same context as the trusted site, aka the "IIS Cross-Site Scripting" vulnerabilities.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
20000821 IIS 5.0 cross site scripting vulnerability - using .shtml files or /_vti_bin/shtml.dll
mailing-list
x_refsource_BUGTRAQ
1594
vdb-entry
x_refsource_BID
1595
vdb-entry
x_refsource_BID
MS00-060
vendor-advisory
x_refsource_MS
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now