CSS Cross-Domain Information Disclosure Vulnerability (2K/XP)ID: oval:org.mitre.oval:def:1914 | Date: (C)2006-06-14 (M)2021-09-11 |
Class: VULNERABILITY | Family: windows |
Microsoft Internet Explorer allows remote attackers to bypass cross-domain security restrictions and obtain sensitive information by using the @import directive to download files from other domains that are not valid Cascading Style Sheets (CSS) files, as demonstrated using Google Desktop, aka "CSSXSS" and "CSS Cross-Domain Information Disclosure Vulnerability."
Platform: |
Microsoft Windows 2000 |
Microsoft Windows XP |
Product: |
Microsoft Internet Explorer |