Description

Variant of the "IIS Cross-Site Scripting" vulnerability as originally discussed in MS:MS00-060 (CVE-2000-0746) allows a malicious web site operator to embed scripts in a link to a trusted site, which are returned without quoting in an error message back to the client. The client then executes those scripts in the same context as the trusted site.

Remediation

References

CVE-2000-1104

Related Vulnerabilities

WordPress Plugin Yoast SEO Cross-Site Scripting (5.7.1)

Claroline Improper Link Resolution Before File Access ('Link Following') Vulnerability (CVE-2008-3261)

Jboss EAP Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-3873)

WordPress Plugin Flexible Captcha Security Bypass (4.0)

WordPress Plugin Popup Maker-Popup for opt-ins, lead gen, & more Cross-Site Request Forgery (1.18.0)

Severity

High

Classification

CVE-2000-1104

Tags

Missing Update Known Vulnerabilities