Unrated severityNVD Advisory· Published Oct 20, 2000· Updated Apr 16, 2026

CVE-2000-0746

Description

Vulnerabilities in IIS 4.0 and 5.0 do not properly protect against cross-site scripting (CSS) attacks. They allow a malicious web site operator to embed scripts in a link to a trusted site, which are returned without quoting in an error message back to the client. The client then executes those scripts in the same context as the trusted site, aka the "IIS Cross-Site Scripting" vulnerabilities.

Affected products

Microsoft/Frontpage
cpe:2.3:a:microsoft:frontpage:*:*:*:*:*:*:*:*
Microsoft/Internet Information Server
cpe:2.3:a:microsoft:internet_information_server:4.0:*:*:*:*:*:*:*
Microsoft/Internet Information Services
cpe:2.3:a:microsoft:internet_information_services:5.0:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.securityfocus.com/bid/1594nvdPatchVendor Advisory
www.securityfocus.com/bid/1595nvdPatchVendor Advisory
www.securityfocus.com/templates/archive.pikenvd
docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-060nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.015
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000