Back

CVE-2000-1104

Variant of the "IIS Cross-Site Scripting" vulnerability as originally discussed in MS:MS00-060 (CVE-2000-0746) allows a malicious web site operator to embed scripts in a link to a trusted site, which are returned without quoting in an error message back to the client. The client then executes those scripts in the same context as the trusted site.

Published: Jan 9, 2001 Modified: Apr 16, 2026

CVSS Metrics

Affected Products (2)

Vendor	Product	Version
microsoft	internet_information_server	4.0
microsoft	internet_information_services	5.0

GitHub Security Advisory GHSA-68vx-xw79-w5cg

Variant of the "IIS Cross-Site Scripting" vulnerability as originally discussed in MS:MS00-060 ...

References (2)

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-060
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-060

Risk Scores

CVSS Score 7.5 / 10

EPSS Score 12.83%

Top 6% most likely to be exploited

Threat Score 33.8 / 100

Data Sources

NVD EPSS GitHub