vendor:
Internet Explorer
by:
Jelmer de Hen
8,8
CVSS
HIGH
Cross-site Scripting (XSS)
79
CWE
Product Name: Internet Explorer
Affected Version From: Internet Explorer 6.0
Affected Version To: Internet Explorer 7.0
Patch Exists: YES
Related CWE: CVE-2007-5133
CPE: a:microsoft:internet_explorer
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: Windows
2007
Table Position Absolute Clip Rect 0 Vulnerability
A vulnerability in the HTML table tag with the style attribute set to position:absolute;clip:rect(0) allows an attacker to inject malicious JavaScript code into a web page. The code is executed when the page is rendered in the browser. This vulnerability affects all versions of Internet Explorer prior to version 8.0. The vulnerability can be exploited by an attacker to gain access to sensitive information or to execute malicious code on the user's system.
Mitigation:
The best way to mitigate this vulnerability is to ensure that all HTML code is properly validated and sanitized before being rendered in the browser.
