JavaScript Injection Vulnerability in Hotmail by Microsoft
CVE-2000-0081

Currently unrated

Key Information:

Vendor: Microsoft
Status: Hotmail
Vendor: CVE Published:; 10 January 2000

Summary

Hotmail fails to adequately filter JavaScript code within user mailboxes, allowing remote attackers to execute arbitrary code by leveraging hexadecimal encoding in URLs, such as using the 'javascript:' protocol. This vulnerability could enable malicious actors to gain unauthorized control or access sensitive data through crafted messages.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-...

x_refsource_MISC

EPSS Score

29% chance of being exploited in the next 30 days.

Timeline

Vulnerability Reserved
Jan 22, 2000
Vulnerability published
Jan 10, 2000