“Microsoft has identified a serious security vulnerability that
could potentially affect many web sites and web site users. The
vulnerability, known as ‘Cross-Site Scripting’, is equally possible
on all vendors’ products, and does not result from a defect in any
of them. Instead, it results from certain common web coding
practices.”
“Cross-Site Scripting would potentially enable a malicious
user to introduce executable code of his choice into another user’s
web session. Once the code was running, it could take a wide range
of actions…”
“The long-term solution to the problem requires web sites and
web site developers to review their code and verify that it adheres
to secure coding practices. However, in the short term, there are
some steps that customers can take to minimize the likelihood of
being affected by this issue. The FAQ discusses these in
detail.”