Reported January 22, 2003, by Microsoft.

 

 

VERSIONS AFFECTED

 

·         Microsoft Content Management Server 2001

 

 

DESCRIPTION

 

A vulnerability in Microsoft Content Management Server (MCMS) 2001 permits an attacker to insert script code into data that a user sends to an MCMS server. The vulnerability stems from a Cross-Site Scripting flaw and could result in the ability to access information that the user shared with the legitimate site.

 

VENDOR RESPONSE

 

Microsoft has released Security Bulletin MS03-002, "Cumulative Patch for Microsoft Content Management Server (810487)," to address this vulnerability and recommends that affected users immediately apply the appropriate patch mentioned in the bulletin.

 

CREDIT          

Discovered by Microsoft.