CVE-2002-2435

CWE-200Information Exposure3 documents3 sources
Severity
4.3MEDIUM
EPSS
21.3%
top 4.31%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Microsoft Internet ExplorerMicrosoft IE
Timeline
PublishedDec 7
Latest updateApr 30

Description

The Cascading Style Sheets (CSS) implementation in Microsoft Internet Explorer 8.0 and earlier does not properly handle the :visited pseudo-class, which allows remote attackers to obtain sensitive information about visited web pages via a crafted HTML document, a related issue to CVE-2010-2264.

CVSS vector

AV:N/AC:M/C:P/I:N/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages2 packages

NVDmicrosoft/ie7.0.6000.16711, 8.0.7600.16385, 8.0b+2

🔴Vulnerability Details

2
GHSA
GHSA-fxv5-cqrh-qvhc: The Cascading Style Sheets (CSS) implementation in Microsoft Internet Explorer 82022-04-30
CVEList
CVE-2002-2435: The Cascading Style Sheets (CSS) implementation in Microsoft Internet Explorer 82011-12-07
CVE-2002-2435 (MEDIUM CVSS 4.3) | The Cascading Style Sheets (CSS) im | cvebase.io