CVE-2002-1688

Microsoft Internet Explorer <6.0 - XSS

Title source: llm

Description

The browser history feature in Microsoft Internet Explorer 5.5 through 6.0 allows remote attackers to execute arbitrary script as other users and steal authentication information via cookies by injecting JavaScript into the URL, which is executed when the user hits the Back button.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Andreas Sandblad · htmlremotewindows

https://www.exploit-db.com/exploits/21376

View Code ZIP pw:eip

References (3)

[Exploit] http://www.securityfocus.com/bid/4505

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/8844

[Third Party Advisory, VDB Entry] http://online.securityfocus.com/archive/1/267561

Scores

EPSS 0.3670

EPSS Percentile 97.2%

Details

Status published

Products (2)

microsoft/internet_explorer 5.5 (3 CPE variants)

microsoft/internet_explorer 6.0

Published Dec 31, 2002

Tracked Since Feb 18, 2026