CVE-2004-1319

The DHTML Edit Control (dhtmled.ocx) allows remote attackers to inject arbitrary web script into other domains by setting a name for a window, opening a child page whose target is the window with the given name, then injecting the script from the parent into the child using execScript, as demonstrated by "AbusiveParent" in Internet Explorer 6.0.2900.2180.

Published: Dec 15, 2004
Updated: Apr 13, 2023
CVE: CVE-2004-1319
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 5
AV:N/AC:L/Au:N/C:N/I:P/A:N

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
microsoft / windows_xp	-	-
nortel / optivity_telephony_manager	-	-
microsoft / windows_2003_server	web	web.x
microsoft / windows_2003_server	enterprise	enterprise.x
microsoft / windows_2003_server	enterprise_64-bit	enterprise_64-bit.x
microsoft / windows_2000	-	-
microsoft / windows_98se	-	-
microsoft / windows_2003_server	r2	r2.x
nortel / ip_softphone_2050	-	-
microsoft / windows_me	-	-
microsoft / windows_2003_server	standard	standard.x
microsoft / windows_98	-	-
nortel / mobile_voice_client_2050	-	-

Vulnerability Database

289,599

CVE-2004-1319