Description
Cross-site scripting (XSS) vulnerability in ftp.htt in Internet Explorer 5.5 and 6.0, when running on Windows 2000 with "Enable folder view for FTP sites" and "Enable Web content in folders" selected, allows remote attackers to inject arbitrary web script or HTML via the hostname portion of an FTP URL.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by Eiji James Yoshida · textremotewindows
https://www.exploit-db.com/exploits/21515
References (4)
Core 4
Core References
Exploit vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/4954
Exploit, Vendor Advisory x_refsource_misc
http://www.geocities.co.jp/SiliconValley/1667/advisory02e.html
Exploit, Vendor Advisory mailing-list
x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2002-06/0037.html
Third Party Advisory vdb-entry
x_refsource_xf
http://www.iss.net/security_center/static/9290.php
Scores
EPSS
0.0719
EPSS Percentile
91.6%
Details
Status
published
Products (2)
microsoft/internet_explorer
5.5 (3 CPE variants)
microsoft/internet_explorer
6.0
Published
Dec 31, 2002
Tracked Since
Feb 18, 2026