Microsoft IIS shtml.dll XSS

This script is Copyright (C) 2003-2015 Tenable Network Security, Inc.

Synopsis :

The remote web server is vulnerable to a cross-site scripting attack.

Description :

The remote web server is running with Front Page extensions. The
remote version of the FrontPage extensions are vulnerable to a cross-
site scripting issue when the CGI /_vti_bin/shtml.dll is provided with
improper parameters.

See also :

Solution :

Microsoft has released a set of patches for IIS 4.0 and 5.0.

Risk factor :

Medium / CVSS Base Score : 4.3
CVSS Temporal Score : 4.3

Family: CGI abuses : XSS

Nessus Plugin ID: 11395 (frontpage_xss.nasl)

Bugtraq ID: 1594

CVE ID: CVE-2000-0746

Ready to Scan Unlimited IPs & Run Compliance Checks?

Upgrade to Nessus Professional today!

Buy Now

Combine the Power of Nessus with the Ease of Cloud

Start your free Nessus Cloud trial now!

Begin Free Trial