Vulnerability Name: | CVE-2002-1688 (CCN-8844) | ||||||||
Assigned: | 2002-04-14 | ||||||||
Published: | 2002-04-14 | ||||||||
Updated: | 2021-07-23 | ||||||||
Summary: | The browser history feature in Microsoft Internet Explorer 5.5 through 6.0 allows remote attackers to execute arbitrary script as other users and steal authentication information via cookies by injecting JavaScript into the URL, which is executed when the user hits the Back button. | ||||||||
CVSS v3 Severity: | 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
| ||||||||
CVSS v2 Severity: | 5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N)
| ||||||||
Vulnerability Type: | CWE-Other | ||||||||
Vulnerability Consequences: | Gain Access | ||||||||
References: | Source: CCN Type: BugTraq Mailing List, Sun Apr 14 2002 - 15:06:25 CDT Using the backbutton in IE is dangerous Source: MITRE Type: CNA CVE-2002-1688 Source: BUGTRAQ Type: UNKNOWN 20020414 Using the backbutton in IE is dangerous Source: CCN Type: OSVDB ID: 2975 Microsoft IE Back Button XSS Source: BID Type: Exploit 4505 Source: CCN Type: BID-4505 Microsoft Internet Explorer History List Script Injection Vulnerability Source: XF Type: UNKNOWN ie-history-javascript-urls(8844) Source: XF Type: UNKNOWN ie-history-javascript-urls(8844) | ||||||||
Vulnerable Configuration: | Configuration 1: Configuration CCN 1: ![]() | ||||||||
BACK |