← back
CVE-2004-2383

CVE-2004-2383

EPSS 20.0%
Microsoft Internet Explorer 5.0 through 6.0 allows remote attackers to bypass cross-frame scripting restrictions and capture keyboard events from other domains via an HTML document with Javascript that is outside a frameset that includes the target domain, then forcing the frameset to maintain focus. NOTE: the discloser claimed that the vendor does not categorize this as a vulnerability, but it can be used in a spoofing scenario; the discloser provides alternate scenarios. Spoofing scenarios are currently included in CVE.
Affected products
n/a · n/a
public PoCs found1
exploitdbwww.exploit-db.com/exploits/23766unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://exchange.xforce.ibmcloud.com/vulnerabilities/15337http://www.idefense.com/application/poi/display?id=77&type=vulnerabilities&flashstatus=falsehttp://www.securityfocus.com/bid/9761