Cross-Site Scripting Vulnerability in Microsoft Content Management Server 2001

Reported January 22, 2003, by Microsoft.

 

 

VERSIONS AFFECTED

 

·         Microsoft Content Management Server 2001

 

 

DESCRIPTION

 

A vulnerability in Microsoft Content Management Server (MCMS) 2001 permits an attacker to insert script code into data that a user sends to an MCMS server. The vulnerability stems from a Cross-Site Scripting flaw and could result in the ability to access information that the user shared with the legitimate site.

 

VENDOR RESPONSE

 

Microsoft has released Security Bulletin MS03-002, "Cumulative Patch for Microsoft Content Management Server (810487)," to address this vulnerability and recommends that affected users immediately apply the appropriate patch mentioned in the bulletin.

 

CREDIT          

Discovered by Microsoft.

Hide comments

Comments

  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
Publish