Reported January 22, 2003, by Microsoft.
VERSIONS AFFECTED
· Microsoft Content Management Server 2001
DESCRIPTION
A vulnerability in Microsoft Content Management Server (MCMS) 2001 permits an attacker to insert script code into data that a user sends to an MCMS server. The vulnerability stems from a Cross-Site Scripting flaw and could result in the ability to access information that the user shared with the legitimate site.
VENDOR RESPONSE
Microsoft has released Security Bulletin MS03-002, "Cumulative Patch for Microsoft Content Management Server (810487)," to address this vulnerability and recommends that affected users immediately apply the appropriate patch mentioned in the bulletin.
CREDIT
Discovered
by Microsoft.