The host is installed with Windows server 2003 SP2 x86, Windows server 2003 SP2 x64, Windows server 2008 x86, Windows server 2008 x64,Windows server 2008 x86 SP2, Windows server 2008 x64 SP2, Windows server 2008 R2 x64 , Windows server 2008 R2 x64 SP1 with Active Directory Certificate Services Web Enrollment enabled is prone to cross-site scripting (XSS) vulnerability. A flaw is present in Active Directory Certificate Services Web Enrollment that could allow an attacker to inject a client-side script into the user's instance of Internet Explorer. Successful exploitation allows attackers to inject script into the response to a Web page request, and disclose information.