Vulnerability Database

296,746

Total vulnerabilities in the database

CVE-2005-4089

Microsoft Internet Explorer allows remote attackers to bypass cross-domain security restrictions and obtain sensitive information by using the @import directive to download files from other domains that are not valid Cascading Style Sheets (CSS) files, as demonstrated using Google Desktop, aka "CSSXSS" and "CSS Cross-Domain Information Disclosure Vulnerability."

  • Published: Dec 8, 2005
  • Updated: Apr 13, 2023
  • CVE: CVE-2005-4089
  • Severity: High
  • Exploit:

CVSS v2:

  • Severity: High
  • Score: 7.1
  • AV:N/AC:M/Au:N/C:C/I:N/A:N

CWEs:

Software From Fixed in
microsoft / ie 6.0-sp1 6.0-sp1.x
microsoft / ie 6.0-sp2 6.0-sp2.x
microsoft / internet_explorer 6.0 6.0.x