CVE-2004-1319
Description
The DHTML Edit Control (dhtmled.ocx) allows remote attackers to inject arbitrary web script into other domains by setting a name for a window, opening a child page whose target is the window with the given name, then injecting the script from the parent into the child using execScript, as demonstrated by AbusiveParent in Internet Explorer 6.0.2900.2180.
Risk Information
Base Score
8.0
MODERATE
Vector
AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
31.297
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| ms05-013: vulnerability in the dhtml editing component activex control could allow code execution for Windows XP (KB891781) | Windows |
| ms05-013: vulnerability in the dhtml editing component activex control could allow code execution for Windows Server 2003 (KB891781) | Windows |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234