Description

Variant of the "IIS Cross-Site Scripting" vulnerability as originally discussed in MS:MS00-060 (CVE-2000-0746) allows a malicious web site operator to embed scripts in a link to a trusted site, which are returned without quoting in an error message back to the client. The client then executes those scripts in the same context as the trusted site.

Remediation

References

CVE-2000-1104

Related Vulnerabilities

LimeSurvey Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-17003)

Craft CMS Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') Vulnerability (CVE-2023-32679)

WordPress Plugin Frontend File Manager Arbitrary File Upload (1.8)

Dolibarr Incorrect Default Permissions Vulnerability (CVE-2020-13240)

qdPM Sensitive Information Disclosure Vulnerability (CVE-2015-3881)

Severity

High

Classification

CVE-2000-1104

Tags

Missing Update Known Vulnerabilities