On Thursday, May 19th 2005, Finjan Software (an internet security company) provided Microsoft with full technical details, including proof-of-concept, concerning the cross site scripting vulnerability in order to assist Microsoft with the fix. Within 12 hours of Finjan’s report, Microsoft completed the fix on its website, which is no longer exposed to this specific vulnerability.

The cross site scripting vulnerability could be potentially exploited to gather personal and confidential information (email address, home address, credit card number, etc.) from innocent consumers wishing to pre-order Microsoft’s new gaming console. This type of malicious exploit is commonly known as “Phishing”.