Vulnerability Description
Vulnerabilities in IIS 4.0 and 5.0 do not properly protect against cross-site scripting (CSS) attacks. They allow a malicious web site operator to embed scripts in a link to a trusted site, which are returned without quoting in an error message back to the client. The client then executes those scripts in the same context as the trusted site, aka the "IIS Cross-Site Scripting" vulnerabilities.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Microsoft | Frontpage | All versions |
| Microsoft | Internet Information Server | 4.0 |
| Microsoft | Internet Information Services | 5.0 |
References
- http://www.securityfocus.com/bid/1594PatchVendor Advisory
- http://www.securityfocus.com/bid/1595PatchVendor Advisory
- http://www.securityfocus.com/templates/archive.pike?list=1&msg=39A12BD6.E811BF4F
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-06
- http://www.securityfocus.com/bid/1594PatchVendor Advisory
- http://www.securityfocus.com/bid/1595PatchVendor Advisory
- http://www.securityfocus.com/templates/archive.pike?list=1&msg=39A12BD6.E811BF4F
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-06
FAQ
What is CVE-2000-0746?
CVE-2000-0746 is a vulnerability with a CVSS score of 7.5 (HIGH). Vulnerabilities in IIS 4.0 and 5.0 do not properly protect against cross-site scripting (CSS) attacks. They allow a malicious web site operator to embed scripts in a link to a trusted site, which are...
How severe is CVE-2000-0746?
CVE-2000-0746 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2000-0746?
Check the references section above for vendor advisories and patch information. Affected products include: Microsoft Frontpage, Microsoft Internet Information Server, Microsoft Internet Information Services.