CVE-2006-5152Cross-site Scripting in Microsoft Internet Explorer

2 documents2 sources
Severity
6.8MEDIUMNVD
EPSS
27.2%
top 3.60%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Microsoft Internet Explorer
Timeline
PublishedOct 5
Latest updateMay 1

Description

Cross-site scripting (XSS) vulnerability in Microsoft Internet Explorer allows remote attackers to inject arbitrary web script or HTML via a UTF-7 encoded URL that is returned in a large HTTP 404 error message without an explicit charset, a related issue to CVE-2006-0032.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages1 packages

🔴Vulnerability Details

1
GHSA
GHSA-7w57-3xw4-6hgx: Cross-site scripting (XSS) vulnerability in Microsoft Internet Explorer allows remote attackers to inject arbitrary web script or HTML via a UTF-7 enc2022-05-01
CVE-2006-5152 — Cross-site Scripting in Microsoft | cvebase