Cross site scripting
Cross-domain vulnerability in Microsoft Internet Explorer 6, 6 SP1, 7, and 8 allows user-assisted remote attackers to bypass the Same Origin Policy and conduct cross-site scripting XSS attacks via a crafted HTML document in a situation where the client user drags one browser window across another...