CVE-1999-0750

Hotmail - Stored Cross-Site Scripting via HTML STYLE Tag

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-1999-0750. PoCs published by Georgi Guninski.

AI-analyzed exploit summary This exploit demonstrates a JavaScript injection vulnerability in Microsoft Internet Explorer 5.0 and Netscape Communicator 4.X via the HTML STYLE tag, bypassing Hotmail's JavaScript filtering to execute arbitrary commands in the context of the user's email inbox.

Description

Hotmail allows Javascript to be executed via the HTML STYLE tag, allowing remote attackers to execute commands on the user's Hotmail account.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Georgi Guninski · textremotemultiple

https://www.exploit-db.com/exploits/19492

View Code ZIP pw:eip

This exploit demonstrates a JavaScript injection vulnerability in Microsoft Internet Explorer 5.0 and Netscape Communicator 4.X via the HTML STYLE tag, bypassing Hotmail's JavaScript filtering to execute arbitrary commands in the context of the user's email inbox.

Classification

Working Poc 90%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: Microsoft Internet Explorer 5.0, Netscape Communicator 4.0/4.5/4.6

No auth needed

Prerequisites: Victim must view a malicious HTML email in a vulnerable browser

MITRE ATT&CK

T1189 - Drive-by Compromise

devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (1)

Core 1

Core References

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/630

Scores

EPSS 0.0873

EPSS Percentile 94.5%

Details

Status published

Products (1)

microsoft/hotmail

Published Sep 13, 1999

Tracked Since Feb 18, 2026