7.1 High
AI Score
Confidence
Low
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.017 Low
EPSS
Percentile
87.7%
Internet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions and execute Javascript by setting the window’s “href” to the malicious Javascript, then calling execCommand(“Refresh”) to refresh the page, aka BodyRefreshLoadsJPU or the “ExecCommand Cross Domain” vulnerability.
secunia.com/advisories/10192
securitytracker.com/id?1007687
www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2003-09/0177.html
www.kb.cert.org/vuls/id/326412
www.safecenter.net/liudieyu/BodyRefreshLoadsJPU/BodyRefreshLoadsJPU-Content.htm
www.securityfocus.com/archive/1/337086
docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-048
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A335
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A341
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A342
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A343
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A344
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A349
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A392