The CiWebHitsFile component in Microsoft Indexing Services for Windows 2000 allows remote attackers to conduct a cross site scripting (CSS) attack via a CiRestriction parameter in a .htw request, aka the "Indexing Services Cross Site Scripting" vulnerability.
https://exchange.xforce.ibmcloud.com/vulnerabilities/5441
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-084