PT-2000-1678 · Microsoft · IIS
Published: 2000-10-20 · Updated: 2018-10-30
CVE-2000-0746
CVSS v2.0: 7.5 (High)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions
IIS versions 4.0 through 5.0
Description
The issue allows a malicious web site operator to embed scripts in a link to a trusted site. These scripts are returned without quoting in an error message back to the client, which then executes them in the same context as the trusted site.
Recommendations
For IIS versions 4.0 through 5.0, consider disabling the error message feature that returns unquoted scripts to minimize the risk of exploitation. Restrict access to potentially vulnerable web pages to minimize the risk of cross-site scripting attacks.
Fix
Related identifiers
Affected products
IIS