Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

CVE-2010-0494

🗓️ 31 Mar 2010 19:30:00Reported by [email protected]Type 
nvd
 nvd🔗 web.nvd.nist.gov👁 11 Views

Cross-domain vulnerability in Microsoft Internet Explorer 6, 6 SP1, 7, and 8 allows user-assisted remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via a crafted HTML document in a situation where the client user drags one browser window across another browser window, aka "HTML Element Cross-Domain Vulnerability.

Related
Detection
Refs
ReporterTitlePublishedViews
Family
Check Point Advisories		Internet Explorer Element Cross-Domain Information Disclosure (MS10-018; CVE-2010-0494)
1 Apr 201000:00
checkpoint_advisories
CVE		CVE-2010-0494
31 Mar 201019:00
cve
Cvelist		CVE-2010-0494
31 Mar 201019:00
cvelist
OpenVAS		Microsoft Internet Explorer Multiple Vulnerabilities (980182)
1 Apr 201000:00
openvas
OpenVAS		Microsoft Internet Explorer Multiple Vulnerabilities (980182)
1 Apr 201000:00
openvas
Prion		Cross site scripting
31 Mar 201019:30
prion
Positive Technologies		PT-2010-2254 · Microsoft · Internet Explorer
31 Mar 201000:00
ptsecurity
securityvulns		Microsoft Security Bulletin MS10-018 - Critical Cumulative Security Update for Internet Explorer (980182)
31 Mar 201000:00
securityvulns
securityvulns		Microsoft Internet Explorer multiple security vulnerabilities
5 Apr 201000:00
securityvulns
Tenable Nessus		MS10-018: Cumulative Security Update for Internet Explorer (980182)
30 Mar 201000:00
nessus
Rows per page
NVD
Node
microsoftinternet_explorerMatch7
AND
microsoftwindows_2003_serversp2itanium
OR
microsoftwindows_server_2003sp2
OR
microsoftwindows_xpsp2
OR
microsoftwindows_xpsp3
OR
microsoftwindows_xpMatch-sp2x64
Node
microsoftinternet_explorerMatch7
AND
microsoftwindows_server_2008itanium
OR
microsoftwindows_server_2008x32
OR
microsoftwindows_server_2008x64
OR
microsoftwindows_server_2008sp2x32
OR
microsoftwindows_server_2008Match-sp2itanium
OR
microsoftwindows_server_2008Match-sp2x64
OR
microsoftwindows_vista
OR
microsoftwindows_vistax64
OR
microsoftwindows_vistasp1
OR
microsoftwindows_vistasp2
OR
microsoftwindows_vistaMatch-sp1
OR
microsoftwindows_vistaMatch-sp2
Node
microsoftinternet_explorerMatch6
AND
microsoftwindows_server_2003sp2
OR
microsoftwindows_xpsp2
OR
microsoftwindows_xpsp3
OR
microsoftwindows_xpMatch-sp2x64
Node
microsoftinternet_explorerMatch8
OR
microsoftinternet_explorerMatch8.0.6001
AND
microsoftwindows_2003_serversp2
OR
microsoftwindows_2003_serversp2itanium
OR
microsoftwindows_7Match-
OR
microsoftwindows_server_2003sp2
OR
microsoftwindows_server_2008x64
OR
microsoftwindows_server_2008r2itanium
OR
microsoftwindows_server_2008r2x64
OR
microsoftwindows_server_2008sp2x64
OR
microsoftwindows_vista
OR
microsoftwindows_vistax64
OR
microsoftwindows_vistasp1
OR
microsoftwindows_vistasp2
OR
microsoftwindows_vistaMatch-sp1
OR
microsoftwindows_vistaMatch-sp2
OR
microsoftwindows_xpsp2
OR
microsoftwindows_xpsp3
OR
microsoftwindows_xpMatch-sp2x64
Node
microsoftinternet_explorerMatch6sp1
AND
microsoftwindows_2000sp4

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
29 Apr 2026 01:13Current
5.4Medium risk
Vulners AI Score5.4
CVSS 24.3
EPSS0.50183
CWE-200
microsoft internet explorersame origin policycross-site scripting
11