The DHTML Edit Control (dhtmled.ocx) allows remote attackers to inject arbitrary web script into other domains by setting a name for a window, opening a child page whose target is the window with the given name, then injecting the script from the parent into the child using execScript, as demonstrated by "AbusiveParent" in Internet Explorer 6.0.2900.2180.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2005-01-06T05:00:00
Updated: 2024-08-08T00:46:12.504Z
Reserved: 2005-01-06T00:00:00
Link: CVE-2004-1319
Vulnrichment
No data.
NVD
Status : Modified
Published: 2004-12-15T05:00:00.000
Modified: 2024-11-20T23:50:35.560
Link: CVE-2004-1319
Redhat
No data.