Cross-Site Scripting Vulnerability in DHTML Edit Control by Microsoft
CVE-2004-1319

Currently unrated

Key Information:

Vendor: Microsoft
Status: Windows Xp; Optivity Telephony Manager; Windows 2003 Server; Windows 2000
Vendor: CVE Published:; 15 December 2004

Summary

The DHTML Edit Control (dhtmled.ocx) presents a vulnerability that allows remote attackers to execute arbitrary web scripts on other domains. By manipulating the naming of a window and opening a child page targeting that window, attackers can inject malicious scripts into the child page using the execScript method. This vulnerability is particularly concerning in environments using Internet Explorer 6.0.2900.2180, and it highlights significant security risks associated with improper handling of user-generated content and domain handling in web applications.

References

http://secunia.com/advisories/13482/

third-party-advisoryx_refsource_SECUNIA

https://exchange.xforce.ibmcloud.com/vulnerabilities/18504

vdb-entryx_refsource_XF

http://www.us-cert.gov/cas/techalerts/TA05-039A.html

third-party-advisoryx_refsource_CERT

EPSS Score

34% chance of being exploited in the next 30 days.

Timeline

Vulnerability Reserved
Jan 6, 2005
Vulnerability published
Dec 15, 2004