The DHTML Edit Control (dhtmled.ocx) allows remote attackers to inject arbitrary web script into other domains by setting a name for a window, opening a child page whose target is the window with the given name, then injecting the script from the parent into the child using execScript, as demonstrated by "AbusiveParent" in Internet Explorer 6.0.2900.2180.
References
Configurations
Configuration 1 (hide)
|
History
No history.
Information
Published : 2004-12-15 05:00
Updated : 2024-02-28 10:24
NVD link : CVE-2004-1319
Mitre link : CVE-2004-1319
CVE.ORG link : CVE-2004-1319
JSON object : View
Products Affected
nortel
- optivity_telephony_manager
- mobile_voice_client_2050
- ip_softphone_2050
microsoft
- windows_me
- windows_2003_server
- windows_98
- windows_xp
- windows_98se
- windows_2000
CWE