Test ID:	1.3.6.1.4.1.25623.1.0.101000
Category:	Windows : Microsoft Bulletins
Title:	Microsoft IIS XSS Vulnerability (MS00-060) - Active Check
Summary:	Microsoft IIS do not properly protect against cross-site; scripting (XSS) attacks.
Description:	Summary: Microsoft IIS do not properly protect against cross-site scripting (XSS) attacks. Vulnerability Impact: They allow a malicious web site operator to embed scripts in a link to a trusted site, which are returned without quoting in an error message back to the client. The client then executes those scripts in the same context as the trusted site. Affected Software/OS: Microsoft IIS 4.0 and 5.0 is known to be affected. Solution: Microsoft has released a patch to correct these issues. Please see the references for more information. CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2000-0746 BugTraq ID: 1594 http://www.securityfocus.com/bid/1594 BugTraq ID: 1595 http://www.securityfocus.com/bid/1595 Bugtraq: 20000821 IIS 5.0 cross site scripting vulnerability - using .shtml files or /_vti_bin/shtml.dll (Google Search) http://www.securityfocus.com/templates/archive.pike?list=1&msg=39A12BD6.E811BF4F@nat.bg Microsoft Security Bulletin: MS00-060 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-060 Common Vulnerability Exposure (CVE) ID: CVE-2000-1104
Copyright	Copyright (C) 2009 Christian Eric Edjenguele

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.