Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2002-1187 — Cross-site Scripting in Microsoft Internet Explorer

3 documents3 sources

Severity

6.8MEDIUMNVD

EPSS

26.6%

top 3.65%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Microsoft Internet Explorer

Timeline

PublishedDec 11

Latest updateApr 30

Description

Cross-site scripting vulnerability (XSS) in Internet Explorer 5.01 through 6.0 allows remote attackers to read and execute files on the local system via web pages using the or element and javascript, aka "Frames Cross Site Scripting," as demonstrated using the PrivacyPolicy.dlg resource.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages1 packages

▶NVDmicrosoft/internet_explorer4 versions+3

Patches

Patch: www.iss.net ↗Patch: www.iss.net ↗

🔴Vulnerability Details

GHSA

GHSA-95g5-p5xc-vf52: Cross-site scripting vulnerability (XSS) in Internet Explorer 5↗2022-04-30

▶

💥Exploits & PoCs

Exploit-DB

Microsoft Internet Explorer 5 - IFrame/Frame Cross-Site/Zone Script Execution↗2002-09-09

▶