4 matches found
Internet Explorer 7 Canceled Page Cross-Site Scripting (MS07-033; CVE-2007-1752)
Microsoft Internet Explorer IE is a web browser application that is capable of rendering both static and dynamic web content. The application is primarily used for tasks related to browsing the web, such as displaying HTML encoded pages, downloading files, etc. There exists a vulnerability in...
Microsoft IE navcancl.htm跨站脚本执行漏洞(MS07-033)
BUGTRAQ ID: 22966 CVECAN ID: CVE-2007-1499 Internet Explorer是微软发布的非常流行的WEB浏览器。 IE在处理页面导航的操作上存在漏洞,远程攻击者可能利用此漏洞实现跨站脚本执行。 如果由于某种原因取消了到特定页面的导航的话,IE 7浏览器会使用navcancl.htm本地资源,在取消导航时特定页面的URL在“”符号后提供给了navcancl.htm,如res://ieframe.dll/navcancl.htmhttp://www.site.com...
Microsoft Internet Explorer page content spoofing
Crossite scripting in res://ieframe.dll/navcancl.htmhttp://www.site.com page allows to inject HTML code into page...
Microsoft Internet Explorer 7 - NavCancel.HTM Cross-Site Scripting
Microsoft Internet Explorer 7 - NavCancel.HTM Cross-Site Scripting source: https://www.securityfocus.com/bid/22966/info Microsoft Internet Explorer is prone to a cross-site scripting vulnerability because the application fails to sufficiently sanitize user-supplied data. An attacker can exploit...