Cross-Site Scripting Vulnerability in DHTML Edit Control by Microsoft
CVE-2004-1319

Currently unrated

Key Information:

Vendor

Microsoft
Status
Windows Xp
Optivity Telephony Manager
Windows 2003 Server
Windows 2000
Vendor
CVE Published:
15 December 2004

What is CVE-2004-1319?

The DHTML Edit Control (dhtmled.ocx) presents a vulnerability that allows remote attackers to execute arbitrary web scripts on other domains. By manipulating the naming of a window and opening a child page targeting that window, attackers can inject malicious scripts into the child page using the execScript method. This vulnerability is particularly concerning in environments using Internet Explorer 6.0.2900.2180, and it highlights significant security risks associated with improper handling of user-generated content and domain handling in web applications.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

http://secunia.com/advisories/13482/
third-party-advisoryx_refsource_SECUNIA
https://exchange.xforce.ibmcloud.com/vulnerabilities/18504
vdb-entryx_refsource_XF
http://www.us-cert.gov/cas/techalerts/TA05-039A.html
third-party-advisoryx_refsource_CERT

EPSS Score

31% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability Reserved

  • Vulnerability published

JSON
.