Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2002-2062 — Cross-site Scripting in Microsoft Internet Explorer

3 documents3 sources

Severity

4.3MEDIUMNVD

EPSS

7.2%

top 8.38%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Microsoft Internet Explorer

Timeline

PublishedDec 31

Latest updateApr 30

Description

Cross-site scripting (XSS) vulnerability in ftp.htt in Internet Explorer 5.5 and 6.0, when running on Windows 2000 with "Enable folder view for FTP sites" and "Enable Web content in folders" selected, allows remote attackers to inject arbitrary web script or HTML via the hostname portion of an FTP URL.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages1 packages

▶NVDmicrosoft/internet_explorer5.5, 6.0+1

🔴Vulnerability Details

GHSA

GHSA-f94v-48pw-mw72: Cross-site scripting (XSS) vulnerability in ftp↗2022-04-30

▶

💥Exploits & PoCs

Exploit-DB

Microsoft Internet Explorer 5/6 - FTP Web View Cross-Site Scripting↗2002-06-06

▶