CVE-2000-1104

Published: Jan 9, 2001Modified: Apr 16, 2026

7.5

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability: 10.0 / Impact: 6.4

Source: NVD

Description

Variant of the "IIS Cross-Site Scripting" vulnerability as originally discussed in MS:MS00-060 (CVE-2000-0746) allows a malicious web site operator to embed scripts in a link to a trusted site, which are returned without quoting in an error message back to the client. The client then executes those scripts in the same context as the trusted site.

Affected (2)

Products: Microsoft: Internet Information Server, Internet Information Services

Microsoft

2 products

Internet Information Server

Internet Information Services

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Microsoft Internet Information Server	Version 4.0
Microsoft Internet Information Services	Version 5.0

References (2)

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-060

Source: cve@mitre.org

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-060

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.