https://www.exploit-db.com/exploits/23854
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200412-1112

MemberManagementSystem2.1版本存在跨站脚本漏洞。远程攻击者借助（1）error.asp的err参数或者（2）register.asp注入任意web脚本或者HTML。

source: http://www.securityfocus.com/bid/9932/info
 
It has been reported that a number of Member Management System scripts are prone to cross-site scripting vulnerabilities. These issues are reportedly due to a failure to sanitize user input and so allow HTML and script code that may facilitate cross-site scripting attacks. The issues are reported to affect the 'err' parameter of 'error.asp' script and the 'register.asp' script.
 
Member Management System version 2.1 has been reported to be affected by this issue, however, other versions may be vulnerable as well.

In the register form: "><iframe src=http://www.example.com/admin/user_del.asp?ID=[ID to delete]>

来源:XF
名称:mms-xss(15552)
链接:http://xforce.iss.net/xforce/xfdb/15552
来源:BID
名称:9932
链接:http://www.securityfocus.com/bid/9932
来源:SECTRACK
名称:1009508
链接:http://securitytracker.com/id?1009508
来源:SECUNIA
名称:11179
链接:http://secunia.com/advisories/11179
来源:BUGTRAQ
名称:20040322VulnerabilitiesinMemberManagementSystem2.1
链接:http://marc.theaimsgroup.com/?l=bugtraq&m;=107999697625786&w;=2