Microsoft Content Management Server (MCMS) 2001 is an Enterprise Server product that simplifies developing and managing E-Commerce web sites. MCMS includes a number of pre-defined ASP web pages that allow web site operators to quickly set up E-business websites.

A Cross-Site Scripting flaw exists in one of these ASP pages that could allow an attacker to insert script into the data being sent to a MCMS server. Because the server generates a web page in response to a user request made using this page, it is possible that the script could be embedded within the page that CMS generates & returns to the user, this script would then run when processed by the user's browser. This could result in an attacker being able to access information the user shared with the legitimate site.

Affected Software:
Microsoft Content Management Server 2001

Patch availability:
Microsoft Content Management Server 2001