Skip to main content

Microsoft Internet Explorer Cross-Site Scripting Attack Vulnerability

Last Update Date: 3 Feb 2015 11:53 Release Date: 3 Feb 2015 3889 Views

RISK: High Risk

TYPE: Clients - Browsers

TYPE: Browsers

A vulnerability was identified in Microsoft Internet Explorer. A remote user can conduct cross-site scripting attacks.

A remote user can create specially crafted HTML that, when loaded by a target user, will bypass the Microsoft Internet Explorer same origin domain policy and execute arbitrary scripting code. The code will originate from an arbitrary site and will run in the security context of that site. As a result, the code will be able to access the target user's cookies (including authentication cookies), if any, associated with the site, access data recently submitted by the target user via web form to the site, or take actions on the site acting as the target user.

 

NOTE: No solution is currently available.


Impact

  • Cross-Site Scripting

System / Technologies affected

  • Version 11

Solutions

  • No solution is currently available.

Vulnerability Identifier

  • 暫時未有 CVE 參考提供。

Source


Related Link