Computer Security
[EN] securityvulns.ru
no-pyccku

  

Microsoft Internet Explorer saved pages crossite scripting
updated since 21.08.2007
Published:24.11.2008
Source:
SecurityVulns ID:8081
Type:client
Threat Level:
3/10
Description:Crossite scripting in context of local machine is possible on saving URL with address like http://site/--><script>alert("XSS")</script>
Affected:MICROSOFT : Windows 2000 Server
 MICROSOFT : Windows 2000 Professional
 MICROSOFT : Windows XP
 MICROSOFT : Windows 2003 Server
CVE:CVE-2007-4478 (Cross-site scripting (XSS) vulnerability in Microsoft Internet Explorer 6.0 allows user-assisted remote attackers to inject arbitrary web script or HTML in the local zone via a URI, when the document at the associated URL is saved to a local file, which then contains the URI string along with the document's original content.)
Original documentdocumentMustLive, Code Execution via XSS in Internet Explorer (24.11.2008)
 documentDavid Vaartjes, [Fwd: RE: XSS via IE MOTW feature. [sd]] (22.08.2007)
 documentMustLive, Vulnerability in Internet Explorer (21.08.2007)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod

 
 



Rating@Mail.ru