2 matches found
Cross site scripting
Cross-domain vulnerability in Microsoft Internet Explorer 5.01 SP4, 6, and 7 allows remote attackers to access restricted information from other domains via JavaScript that uses the Object data type for the value of a 1 location or 2 location.href property, related to incorrect determination of t...
CVE-2008-2949
CVE-2008-2949 describes a cross-domain vulnerability in Internet Explorer 6 and 7 where the attacker could manipulate the window.location object using a String to observe events across domains. The root cause is the incorrect determination of the origin of web script, enabling potential viewing o...