CVE Catalog

CVE-2000-0266

Low
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Very high risk
16.23%

97th percentile — higher than 97% of all known CVEs

Summary

Internet Explorer 5.01 allows remote attackers to bypass the cross frame security policy via a malicious applet that interacts with the Java JSObject to modify the DOM properties to set the IFRAME to an arbitrary Javascript URL.

Risk Assessment

Attackers can exploit this vulnerability to inject malicious JavaScript code, potentially leading to data theft or session hijacking.

Recommendation

It is recommended to update Internet Explorer to the latest version or use alternative browsers that are not vulnerable to this issue.

Original NVD description (English source)

Internet Explorer 5.01 allows remote attackers to bypass the cross frame security policy via a malicious applet that interacts with the Java JSObject to modify the DOM properties to set the IFRAME to an arbitrary Javascript URL.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS