6.7 Medium
AI Score
Confidence
High
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
0.049 Low
EPSS
Percentile
92.6%
The DHTML Edit Control (dhtmled.ocx) allows remote attackers to inject arbitrary web script into other domains by setting a name for a window, opening a child page whose target is the window with the given name, then injecting the script from the parent into the child using execScript, as demonstrated by “AbusiveParent” in Internet Explorer 6.0.2900.2180.
archives.neohapsis.com/archives/bugtraq/2004-12/0167.html
freehost07.websamba.com/greyhats/abusiveparent-discussion.htm
secunia.com/advisories/13482/
www.kb.cert.org/vuls/id/356600
www.securityfocus.com/bid/11950
www.us-cert.gov/cas/techalerts/TA05-039A.html
docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-013
exchange.xforce.ibmcloud.com/vulnerabilities/18504
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1114
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1701
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3464
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3851
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4758