vendor: Internet Explorer
by: SecurityFocus
CVSS: 7.5 HIGH
Cross-Site Scripting
CWE: 79
Product Name: Internet Explorer
Affected Version From: Microsoft Internet Explorer 5.0
Affected Version To: Microsoft Internet Explorer 6.0
Patch Exists: YES
Related CWE: N/A
CPE: a:microsoft:internet_explorer
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows
2002

Cross-Site Scripting in Microsoft Internet Explorer

A vulnerability has been reported in Microsoft Internet Explorer that may result in cross-site scripting attacks. If IE, using the MSXML parser, is unable to parse the requested XML file, it displays a parse error that includes the URL of the requested XML file. In some cases HTML code in the URL is not properly sanitized before it is shown, resulting in the execution of script code. Exploitation may allow theft of cookie-based authentication credentials or other attacks.

Mitigation:

Ensure that all user-supplied input, including the request URL, is properly sanitized and validated before it is used in the application or echoed back in a page.
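The flaw class described above, an error page that echoes the request URL, is shown here next to its output-encoded form. This is an added example, not code from Internet Explorer, MSXML or the original advisory; the function names and the error-page markup are hypothetical, and the sample URL is the one quoted on this page.

```javascript
// Added illustration: renderParseError*, escapeHtml and the page markup are
// hypothetical, modelled on the behaviour described in this entry.

// Sample input: the URL quoted in this entry's raw data.
const SAMPLE_URL =
  "http://host.with.unparsable.xml.file/flaw.xml?<script>alert(document.cookie)</script>";

// Vulnerable pattern: the URL is concatenated into markup as-is, so any
// tags in the query string become part of the error page.
function renderParseErrorUnsafe(url, reason) {
  return "<html><body><h1>XML parse error</h1>" +
    "<p>" + reason + "</p>" +
    "<p>Error processing resource '" + url + "'.</p></body></html>";
}

// Encode the characters that are significant in HTML text and quoted
// attribute values. '&' must be replaced first to avoid double encoding.
function escapeHtml(text) {
  return String(text)
    .replace(/&/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#39;");
}

// Hardened pattern: every untrusted value is encoded at the point of output.
function renderParseErrorSafe(url, reason) {
  return "<html><body><h1>XML parse error</h1>" +
    "<p>" + escapeHtml(reason) + "</p>" +
    "<p>Error processing resource '" + escapeHtml(url) + "'.</p></body></html>";
}

// Regression check for a test suite: true if the rendered page contains a
// <script> element, which the fixed template never emits on its own.
function containsInjectedScript(html) {
  return /<script\b/i.test(html);
}

const reason = "Invalid at the top level of the document."; // constructed message
const unsafePage = renderParseErrorUnsafe(SAMPLE_URL, reason);
const safePage = renderParseErrorSafe(SAMPLE_URL, reason);
console.log("unsafe page carries a script element:", containsInjectedScript(unsafePage));
console.log("safe page carries a script element:  ", containsInjectedScript(safePage));
console.log(safePage);
```

In the hardened output the query string is still displayed in full, but as text: the browser renders the literal characters of the tag instead of parsing them.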

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/7938/info

A vulnerability has been reported for the Microsoft Internet Explorer that may result in cross-site scripting attacks.

If IE, using the MSXML parser, is unable to parse the requested XML file, it will display a parse error that also includes the URL of the requested XML file. In some cases malicious HTML code will not be properly sanitized from the URL, thereby resulting in the execution of script code.

Exploitation may allow theft of cookie-based authentication credentials or other attacks.

http://host.with.unparsable.xml.file/flaw.xml?<script>alert(document.cookie)</script>