MS06-053: Vulnerability in Indexing Service Could Allow XSS (920685)
Medium Nessus Plugin ID 22333
SynopsisThe remote web server is vulnerable to a cross-site scripting attack.
DescriptionThe remote host is running a version of the Indexing service that fails to adequately sanitize some requests. Combined with a web server using this service, this flaw could be exploited by an attacker who would be able to cause arbitrary HTML and script code to be executed in a user's browser within the security context of the affected site.
SolutionMicrosoft has released a set of patches for Windows NT, 2000, XP and 2003.