The browser history feature in Microsoft Internet Explorer 5.5 up to and including 6.0 allows remote malicious users to execute arbitrary script as other users and steal authentication information via cookies by injecting JavaScript into the URL, which is executed when the user hits the Back button.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
microsoft internet explorer 5.5 |
||
microsoft internet explorer 6.0 |