Lucene search
K

7 matches found

Packet Storm
Packet Storm
added 2024/08/31 12:0 a.m.206 views

MS15-018 Microsoft Internet Explorer 10 and 11 Cross-Domain JavaScript Injection

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "MS15-018 Microsoft Internet Explorer 10 and 11 Cross-Domain JavaScript Injection", 'Description' = %q This module exploits a universal cross-site...

4.3CVSS7AI score0.71698EPSS
Exploits5
Circl
Circl
added 2018/05/29 3:50 p.m.21 views

CVE-2015-0072

creationtimestamp| type| source ---|---|--- 2018-05-29 15:50:33+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/gather/ieuxssinjection.rb 2025-02-06 03:13:42+00:00| seen| MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd 2025-02-23 04:09:34+00:00| seen|...

4.3CVSS5.8AI score0.71698EPSS
Exploits5References1
Hacker One
Hacker One
added 2016/01/04 11:34 a.m.30 views

HackerOne: HackerOne is still prone to Internet Explorer UXSS

Hi, I have managed to leverage CVE 2015-0072, so that the attack will work with any framed resource protected by X-Frame-Options: DENY header. According to 103787, only https://hackerone.com/cdn-cgi/trace was unprotected and now its already fixed. In my PoC I used several X-Frame-Options protecte...

0.2AI score
Exploits0
VulnCheck KEV
VulnCheck KEV
added 2015/03/10 12:0 a.m.3 views

VulnCheck KEV: CVE-2015-0072

Cross-site scripting XSS vulnerability in Microsoft Internet Explorer 9 through 11 allows remote attackers to bypass the Same Origin Policy and inject arbitrary web script or HTML via vectors involving an IFRAME element that triggers a redirect, a second IFRAME element that does not trigger a...

4.3CVSS5.9AI score0.71698EPSS
Exploits5References1
Packet Storm
Packet Storm
added 2015/02/09 12:0 a.m.46 views

Microsoft Internet Explorer Universal XSS Proof Of Concept

Cookie hijacking: Internet Explorer UXSS CVE-2015-0072 Host below files on webserver attacker.com and share the exploit link with victims, exploit.php --- exploit link Share with victim redirect.php --- Script to redirect on target page target page should not contain X-Frame-Options or it will fa...

4.3CVSS0.1AI score0.71698EPSS
Exploits5
Cvelist
Cvelist
added 2015/02/07 6:0 p.m.31 views

CVE-2015-0072

Cross-site scripting XSS vulnerability in Microsoft Internet Explorer 9 through 11 allows remote attackers to bypass the Same Origin Policy and inject arbitrary web script or HTML via vectors involving an IFRAME element that triggers a redirect, a second IFRAME element that does not trigger a...

5.1AI score0.71698EPSS
Exploits5References12
CVE
CVE
added 2015/02/07 6:0 p.m.87 views

CVE-2015-0072

CVE-2015-0072 describes a Universal XSS (UXSS) in Internet Explorer 9–11, allowing remote injection of script by abusing IFRAME-based redirects and WindowProxy eval to bypass Same Origin Policy. The vulnerability affects Microsoft Internet Explorer versions 6–11 and can lead to arbitrary code exe...

4.3CVSS5.1AI score0.71698EPSS
Exploits5References12Affected Software1
Rows per page
Query Builder