Variant of the "IIS Cross-Site Scripting" vulnerability as originally discussed in MS:MS00-060 (CVE-2000-0746) allows a malicious web site operator to embed scripts in a link to a trusted site, which are returned without quoting in an error message back to the client. The client then executes those scripts in the same context as the trusted site.
| Software | From | Fixed in |
|---|---|---|
| microsoft / internet_information_server | 4.0 | 4.0.x |
| microsoft / internet_information_services | 5.0 | 5.0.x |