Affected applications: Microsoft Internet Explorer 5.5 & 6.0.
Note that any other application that uses Internet Explorer's engine (WebBrowser control) is affected as well (AOL Browser, MSN Explorer, etc.).
Discussion: We have found that in some cases the displayed URL is not filtered appropriately, & may cause HTML that was passed in the querystring of the URL to be rendered by the browser. This creates a classic cross-site scripting attack in almost any XML file that MSXML fails to read. Practically, this means that leaving XML files on your server that can't be parsed correctly by Internet Explorer & MSXML is exposing the site to a global Cross-Site Scripting attack. We have been able to reproduce this problem in various setups, but we couldn't pinpoint the vulnerable component reliably enough. It is most likely an MSXML issue, & not a flaw in Internet Explorer itself.
Would you like to know more?