QwikSec

Security Database

CVE

CWE

Training

CVE-2004-1319

Published: Jan 6, 2005

Modified: Aug 8, 2024

PUBLISHED

Description

The DHTML Edit Control (dhtmled.ocx) allows remote attackers to inject arbitrary web script into other domains by setting a name for a window, opening a child page whose target is the window with the given name, then injecting the script from the parent into the child using execScript, as demonstrated by "AbusiveParent" in Internet Explorer 6.0.2900.2180.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

third-party-advisory

x_refsource_SECUNIA

ie-dhtml-xss(18504)

vdb-entry

x_refsource_XF

third-party-advisory

x_refsource_CERT

http://freehost07.websamba.com/greyhats/abusiveparent-discussion.htm

x_refsource_MISC

oval:org.mitre.oval:def:3851

vdb-entry

signature

x_refsource_OVAL

vdb-entry

x_refsource_BID

oval:org.mitre.oval:def:1114

vdb-entry

signature

x_refsource_OVAL

oval:org.mitre.oval:def:3464

vdb-entry

signature

x_refsource_OVAL

vendor-advisory

x_refsource_MS

20041215 MSIE DHTML Edit Control Cross Site Scripting Vulnerability

mailing-list

x_refsource_BUGTRAQ

oval:org.mitre.oval:def:4758

vdb-entry

signature

x_refsource_OVAL

third-party-advisory

x_refsource_CERT-VN

oval:org.mitre.oval:def:1701

vdb-entry

signature

x_refsource_OVAL

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.