Unrated severityNVD Advisory· Published Apr 10, 2007· Updated Apr 23, 2026

CVE-2007-0939

Description

Cross-site scripting (XSS) vulnerability in Microsoft Content Management Server (MCMS) 2001 SP1 and 2002 SP2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving HTML redirection queries, aka "Cross-site Scripting and Spoofing Vulnerability."

Affected products

Microsoft/Content Management Server2 versions
cpe:2.3:a:microsoft:content_management_server:2001:sp1:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:microsoft:content_management_server:2001:sp1:*:*:*:*:*:*
- cpe:2.3:a:microsoft:content_management_server:2002:sp2:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

secunia.com/advisories/24819nvd
www.osvdb.org/34007nvd
www.securityfocus.com/archive/1/466331/100/200/threadednvd
www.securityfocus.com/bid/22860nvd
www.securitytracker.com/idnvd
www.vupen.com/english/advisories/2007/1322nvd
docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-018nvd
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1575nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.013
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000