Windows Live Spaces suffers from a cross site scripting vulnerability in NetworkSetup.aspx.
c7f7738ff0ba5abd8262cd330013a6e4f789fdefc29caca78f01030de90bb36f
2 vulnerabilities in Hosting Controller allow remote authenticated users to change every user password or upload files in every directory.
94ba0a237df21bf6b4d45a0d0376b17453e5d93f93cbdfcbc22696bf830d76f8