Cross-Site Scripting Vulnerability in DHTML Edit Control by Microsoft
CVE-2004-1319
Currently unrated
Key Information:
- Vendor
Microsoft
- Vendor
- CVE Published:
- 15 December 2004
What is CVE-2004-1319?
The DHTML Edit Control (dhtmled.ocx) presents a vulnerability that allows remote attackers to execute arbitrary web scripts on other domains. By manipulating the naming of a window and opening a child page targeting that window, attackers can inject malicious scripts into the child page using the execScript method. This vulnerability is particularly concerning in environments using Internet Explorer 6.0.2900.2180, and it highlights significant security risks associated with improper handling of user-generated content and domain handling in web applications.