JavaScript Injection Vulnerability in Hotmail by Microsoft
CVE-2000-0081

Currently unrated

Key Information:

Vendor: Microsoft
Status: Hotmail
Vendor: CVE Published:; 10 January 2000

What is CVE-2000-0081?

Hotmail fails to adequately filter JavaScript code within user mailboxes, allowing remote attackers to execute arbitrary code by leveraging hexadecimal encoding in URLs, such as using the 'javascript:' protocol. This vulnerability could enable malicious actors to gain unauthorized control or access sensitive data through crafted messages.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-...

x_refsource_MISC

EPSS Score

29% chance of being exploited in the next 30 days.

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability Reserved
Jan 22, 2000
Vulnerability published
Jan 10, 2000