CVE-2005-3312 — Cross-site Scripting in Microsoft Internet Explorer

10 documents2 sources

Severity

4.3MEDIUMNVD

NVD4.0NVD3.5

EPSS

20.4%

top 4.44%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Drupal Invision Power Services Invision Gallery Microsoft Internet Explorer +2 more

Timeline

PublishedOct 26

Latest updateMay 1

Description

The HTML rendering engine in Microsoft Internet Explorer 6.0 allows remote attackers to conduct cross-site scripting (XSS) attacks via HTML in corrupted images and other files such as .GIF, JPG, and WAV, which is rendered as HTML when the user clicks on the link, even though the web server response and file extension indicate that it should be treated as a different file type.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages5 packages

▶NVDmicrosoft/internet_explorer6.0

▶NVDyabb/yabb12 versions+11

▶NVDdrupal/drupal10 versions+9

▶NVDphpbb_group/phpbb2.0.17

▶NVDinvision_power_services/invision_gallery2.0.3

🔴Vulnerability Details

GHSA

GHSA-qww4-844q-f6m5: The HTML rendering engine in Microsoft Internet Explorer 6↗2022-05-01

▶

GHSA

GHSA-89j5-hc8f-rvw2: Multiple interpretation error in the image upload handling code in Invision Gallery 2↗2022-05-01

▶

GHSA

GHSA-whch-jrm6-gwgp: Interpretation conflict in file↗2022-05-01

▶

GHSA

GHSA-8pj3-c92f-vjfj: Interpretation conflict in YaBB before 2↗2022-05-01

▶

GHSA

GHSA-94qp-2fqg-7mc4: Interpretation conflict in phpBB 2↗2022-05-01

▶