Cumulative MS Content Management Server Patch

By Thomas McGuire on January 23, 2003, 12:50 PM
Microsoft Content Management Server (MCMS) 2001 is an Enterprise Server product that simplifies developing and managing E-Commerce web sites. MCMS includes a number of pre-defined ASP web pages that allow web site operators to quickly set up E-business websites.

A Cross-Site Scripting flaw exists in one of these ASP pages that could allow an attacker to insert script into the data being sent to a MCMS server. Because the server generates a web page in response to a user request made using this page, it is possible that the script could be embedded within the page that CMS generates & returns to the user, this script would then run when processed by the userís browser. This could result in an attacker being able to access information the user shared with the legitimate site.

Affected Software:
Microsoft Content Management Server 2001

Patch availability:
Microsoft Content Management Server 2001




Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...
Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.