CVE-2002-2073

Cross-site scripting (XSS) vulnerability in Microsoft Site Server 3.0 for Windows NT 4.0 affects the default ASP page Default.asp (ctr parameter) and formslogin.asp (query string). The issue allows remote attackers to inject arbitrary web scripts or HTML. Root cause is insufficient sanitization o...