--[ Security Advisory
--[ Multiple XSS vulnerabilities in Microsoft SharePoint Portal Server 2001

--[ Author: Ory Segal, Sanctum inc. http://www.SanctumInc.com
--[ Release Date: April 5th, 2004
--[ Product: Microsoft SharePoint Portal Server 2001
--[ Severity: High
--[ CVE: CAN-2004-0379

--[ Description

From Microsoft's web site:

"Microsoft SharePoint Portal Server provides an easy way to create Web
portals with integrated document management services and search
capabilities. You can establish a central point of access to all your
existing key business information and applications, as well as share
information across file servers, databases, public folders, Internet
sites, and SharePoint Team Services-based Web sites."

Sanctum inc. has discovered several Cross Site Scripting vulnerabilities
in three scripts that are part of Microsoft SharePoint Portal Server
2001. These vulnerabilities may lead to theft of cookies associated with
the domain, or execution of client-side scripts in the user's browser.

--[ Solution

Microsoft has addressed these XSS issues in Service Pack 3 of Microsoft
SharePoint Portal Server, which can be downloaded at:

http://www.microsoft.com/downloads/details.aspx?FamilyId=15677A92-3470-465F-9F63-E621094103E0&displaylang=en

--[ Greets

Happy Passover!