Cross Site Scripting in microsoft.com

From: frog frog (leseulfrog@hotmail.com)
Date: 01/06/02


Date: 6 Jan 2002 16:28:54 -0000
From: frog frog <leseulfrog@hotmail.com>
To: bugtraq@securityfocus.com


('binary' encoding is not supported, stored as-is)

The hole is here :

http://www.microsoft.com/freedomtoinnovate/inc/send
friend.asp?sAddress="><script>alert('Microsoft%
20hole')</script>

frog