Microsoft » Windows Server 2003 : Security Vulnerabilities, CVEs, Published In 2010 (XSS)
Cross-domain vulnerability in Microsoft Internet Explorer 6, 6 SP1, 7, and 8 allows user-assisted remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via a crafted HTML document in a situation where the client user drags one browser window across another browser window, aka "HTML Element Cross-Domain Vulnerability."
Max CVSS
4.3
EPSS Score
2.42%
Published
2010-03-31
Updated
2023-12-07
Cross-site scripting (XSS) vulnerability in the GetServerName function in sysinfo/commonFunc.js in Microsoft Windows Help and Support Center for Windows XP and Windows Server 2003 allows remote attackers to inject arbitrary web script or HTML via the svr parameter to sysinfo/sysinfomain.htm. NOTE: this can be leveraged with CVE-2010-1885 to execute arbitrary commands without user interaction.
Max CVSS
4.3
EPSS Score
9.14%
Published
2010-06-15
Updated
2019-02-26
2 vulnerabilities found