Summary
The malicious user is able to compromise the parameters to invoke a Cross-Site Scripting attack. This can be used to take advantage of the trust between a client and server allowing the malicious user to execute malicious JavaScript on the client's machine or perform a denial of service shutting down IIS.
Solution
Upgrade to version 5.098 or newer
Severity
Classification
-
CVE CVE-2004-0681, CVE-2004-0682 -
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P
Related Vulnerabilities