Lucene search

K
cve[email protected]CVE-2004-1319
HistoryDec 15, 2004 - 5:00 a.m.

CVE-2004-1319

2004-12-1505:00:00
NVD-CWE-Other
web.nvd.nist.gov
23
dhtml edit control
remote attack
arbitrary web script
internet explorer
cve-2004-1319

6.7 Medium

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

0.049 Low

EPSS

Percentile

92.6%

The DHTML Edit Control (dhtmled.ocx) allows remote attackers to inject arbitrary web script into other domains by setting a name for a window, opening a child page whose target is the window with the given name, then injecting the script from the parent into the child using execScript, as demonstrated by “AbusiveParent” in Internet Explorer 6.0.2900.2180.

References

6.7 Medium

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

0.049 Low

EPSS

Percentile

92.6%

Related for CVE-2004-1319