9.3

CVE-2003-1026

EPSS 55.82%
Published 20.01.2004 05:00:00
Last modified 03.04.2025 01:03:51
Source cve@mitre.org
Teams watchlist Login
Open Login

Internet Explorer 5.01 through 6 SP1 allows remote attackers to bypass zone restrictions via a javascript protocol URL in a sub-frame, which is added to the history list and executed in the top window's zone when the history.back (back) function is called, as demonstrated by BackToFramedJpu, aka the "Travel Log Cross Domain Vulnerability."

Affected products Warnungen 0 Metrics 2 CWE 0 References 17

Data is provided by the National Vulnerability Database (NVD)

Microsoft ≫ Ie Version6.0 Updatesp1

Microsoft ≫ Internet Explorer Version5.0

Microsoft ≫ Internet Explorer Version5.0.1

Microsoft ≫ Internet Explorer Version5.0.1 Updatesp1

Microsoft ≫ Internet Explorer Version5.0.1 Updatesp2

Microsoft ≫ Internet Explorer Version5.0.1 Updatesp3

Microsoft ≫ Internet Explorer Version5.5

Microsoft ≫ Internet Explorer Version5.5 Updatesp1

Microsoft ≫ Internet Explorer Version5.5 Updatesp2

Microsoft ≫ Internet Explorer Version6.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	55.82%	0.98

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	9.3	8.6	10	AV:N/AC:M/Au:N/C:C/I:C/A:C

http://www.us-cert.gov/cas/techalerts/TA04-033A.html

US Government Resource

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-004

http://marc.info/?l=bugtraq&m=106979349517578&w=2

http://marc.info/?l=bugtraq&m=107038202225587&w=2

http://www.kb.cert.org/vuls/id/784102

Third Party Advisory

US Government Resource

http://www.safecenter.net/UMBRELLAWEBV4/BackToFramedJpu

https://exchange.xforce.ibmcloud.com/vulnerabilities/13846

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A630

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A643

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A687

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A689

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A745

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A774

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A805

https://nvd.nist.gov/vuln/detail/CVE-2003-1026

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2003-1026

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2003-1026

EUVD