Whats wrong with the web page that Microsoft Content Management Server 2001 uses?
There is a flaw in a web page used by MCMS. This web page is used to collect user input; however the data input by the user is not correctly validated. It would therefore be possible for an attacker to insert script into the data being sent by a user to an MCMS server via this web page. Because the server then generates a web page in response to the user’s request, it is possible that a script supplied by the attacker could be embedded within the returned page and would run when processed by the user’s browser. What could this vulnerability enable an attacker to do? This vulnerability could enable an attacker to run malicious script in the security context of a legitimate web site. This script could perform actions that the user would be allowed to take on the web site. For instance, it could allow the attacker to alter the data contained in the legitimate site’s web pages, monitor the session that the user had with the legitimate site and copy personal data to a third site. It could a
