CVE-2010-0494

2010-03-3119:30:00

CWE-200

[email protected]

web.nvd.nist.gov

cve-2010-0494

internet explorer

cross-domain vulnerability

xss

same origin policy

5.4 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

0.023 Low

EPSS

Percentile

89.5%

JSON

Cross-domain vulnerability in Microsoft Internet Explorer 6, 6 SP1, 7, and 8 allows user-assisted remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via a crafted HTML document in a situation where the client user drags one browser window across another browser window, aka “HTML Element Cross-Domain Vulnerability.”

CPENameOperatorVersion
microsoft:internet_explorermicrosoft internet explorereq7
microsoft:windows_2003_servermicrosoft windows 2003 servereq*
microsoft:windows_server_2003microsoft windows server 2003eq*
microsoft:windows_xpmicrosoft windows xpeq*
microsoft:windows_xpmicrosoft windows xpeq-
microsoft:windows_server_2008microsoft windows server 2008eq*
microsoft:windows_server_2008microsoft windows server 2008eq-
microsoft:windows_vistamicrosoft windows vistaeq*
microsoft:windows_vistamicrosoft windows vistaeq-
microsoft:internet_explorermicrosoft internet explorereq6

CPE	Name	Operator	Version
microsoft:internet_explorer	microsoft internet explorer	eq	7
microsoft:windows_2003_server	microsoft windows 2003 server	eq	*
microsoft:windows_server_2003	microsoft windows server 2003	eq	*
microsoft:windows_xp	microsoft windows xp	eq	*
microsoft:windows_xp	microsoft windows xp	eq	-
microsoft:windows_server_2008	microsoft windows server 2008	eq	*
microsoft:windows_server_2008	microsoft windows server 2008	eq	-
microsoft:windows_vista	microsoft windows vista	eq	*
microsoft:windows_vista	microsoft windows vista	eq	-
microsoft:internet_explorer	microsoft internet explorer	eq	6