ie-iframe.txt

Georgi Guninski security advisory 12, 2000 IE 5 Cross-frame security vulnerability using IFRAME and WebBrowser control Disclaimer: The opinions expressed in this advisory and program are my own and not of any company. The usual standard disclaimer applies, especially the fact that Georgi Guninski...

Очередная дырка javascript в IE

Сочетание метода navigate с IFRAME позволяет обратиться к локальным файлам. IFRAME ID="I1"/IFRAME SCRIPT for=I1 event="NavigateComplete2b" alert"Here is your file:n"+b.document.body.innerText; /SCRIPT SCRIPT I1.navigate"file://c:/test.txt"; setTimeout'I1.navigate"file://c:/test.txt"',1000; /SCRIP...

IE 5 Cross-frame security vulnerability using IFRAME and WebBrowser control

Georgi Guninski security advisory 12, 2000 IE 5 Cross-frame security vulnerability using IFRAME and WebBrowser control Disclaimer: The opinions expressed in this advisory and program are my own and not of any company. The usual standard disclaimer applies, especially the fact that Georgi Guninski...

CVE-2000-0503

The IFRAME of the WebBrowser control in Internet Explorer 5.01 allows a remote attacker to violate the cross frame security policy via the NavigateComplete2 event...

CVE-1999-0877

Internet Explorer 5 allows remote attackers to read files via an ExecCommand method called on an IFRAME...

CVE-1999-0877

Affected product : Internet Explorer 5. The vulnerability allows a remote attacker to read files by invoking an ExecCommand on an IFRAME. The description provides the root cause as an insecure use of ExecCommand within an IFRAME context, enabling unauthorized file access. The connected documents ...

ie50.cross-frame.txt

Subject: IE 5.0 cross-frame vulnerabilities back again from: Francis Favorini Folks, It seems that after applying the IFRAME ExecCommand patch from MS9-042, IE 5.0 is again vulnerable to Georgi Guninski's cross-frame bugs. You can visit his page at to test. I tested this on 2 NTW 4.0 SP5 machines...

IE5_IFRAME_vuln.txt

IE 5.0 security vulnerability - reading local and from any domain, probably window spoofing is possible files using IFRAME and document.execCommand Disclaimer: The opinions expressed in this advisory and program are my own and not of any company. The usual standard disclaimer applies, especially...

Microsoft Internet Explorer 5.04.0.1 - iFrame

Microsoft Internet Explorer 5.04.0.1 - iFrame Microsoft Internet Explorer 5.0 for Windows 2000/Windows 95/Windows 98/Windows NT 4,Internet Explorer 4.0.1 for Windows 98/Windows NT 4.0/Unix 5.0 IFRAME Vulnerability source: https://www.securityfocus.com/bid/696/info Internet Explorer 5 will allow a...

Microsoft Internet Explorer 5.0/4.0.1 - iFrame

Microsoft Internet Explorer 5.0 for Windows 2000/Windows 95/Windows 98/Windows NT 4,Internet Explorer 4.0.1 for Windows 98/Windows NT 4.0/Unix 5.0 IFRAME Vulnerability source: https://www.securityfocus.com/bid/696/info Internet Explorer 5 will allow a malicious web page to read the contents of...

Internet Explorer help

None None...

CVE-2026-48761: HtmlSanitizer UrlAttributeSanitizer Misses URL Attributes on <object>, <applet>, <iframe>, <img> and the URL Inside <meta http-equiv="refresh"> content

More info at https://symfony.com/cve-2026-48761...

CVE-2026-48761: HtmlSanitizer UrlAttributeSanitizer Misses URL Attributes on <object>, <applet>, <iframe>, <img> and the URL Inside <meta http-equiv="refresh"> content

More info at https://symfony.com/cve-2026-48761...