There is no differentiation or explicit separation between Intranet and Internet web pages. Intranet sites that are vulnerable to cross-site-scripting and cross-site-request-forgery are not protected from malicious Internet websites. There is no built-in protection against cross-site scripting attacks. If older and potentially vulnerable plugins need to be used on Intranet pages, they will also be exposed to attack by a malicious Internet website