The host is installed with Microsoft Anti-Cross Site Scripting (AntiXSS) Library 3.x or 4.0 and is prone to a cross site scripting vulnerability. A flaw is present in the application, which fails to properly evaluate characters after the detection of a Cascading Style Sheets (CSS) escaped character. Successful exploitation could allow attackers to inject arbitrary code.