Visitors to web sites that use Microsoft IIS 5.0 and 5.1 are vulnerable to cross-site scripting attacks through the IIS help facility.
Many Internet web sites overlook the possibility that a client may send malicious data intended to be used only by itself. This is an easy mistake to make. After all, why would a user enter malicious code that only the user will see?
For a description of the potential impact, see http://www.cert.org/advisories/CA-2000-02.html#impact. .
For a description of the range of solutions to this problem, see http://www.cert.org/advisories/CA-2000-02.html#solution. In this instance, web site managers should apply a patch as described in MS02-018.
Our thanks to Microsoft Corporation, who described this instance of cross-site scripting problems in MS02-018.
|Date First Published:||2002-04-10|
|Date Last Updated:||2002-04-10 22:31 UTC|