The host is installed with Microsoft Systems Management Server 2003 SP3 or Microsoft System Center Configuration Manager 2007 SP2 and is prone to cross-site scripting (XSS) vulnerability. A flaw is present in the applications, which fail to handle a specially crafted URL. Successful exploitation allows attackers to force users to visit attacker's website by getting them to click a link in an email message or Instant Messenger message.