Executive Summary
| Informations | |||
|---|---|---|---|
| Name | CVE-2002-1688 | First vendor Publication | 2002-12-31 |
| Vendor | Cve | Last vendor Modification | 2021-07-23 |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:L/Au:N/C:P/I:N/A:N) | |||
|---|---|---|---|
| Cvss Base Score | 5 | Attack Range | Network |
| Cvss Impact Score | 2.9 | Attack Complexity | Low |
| Cvss Expoit Score | 10 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| The browser history feature in Microsoft Internet Explorer 5.5 through 6.0 allows remote attackers to execute arbitrary script as other users and steal authentication information via cookies by injecting JavaScript into the URL, which is executed when the user hits the Back button. |
Original Source
| Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1688 |
CAPEC : Common Attack Pattern Enumeration & Classification
| Id | Name |
|---|---|
| CAPEC-17 | Accessing, Modifying or Executing Executable Files |
| CAPEC-30 | Hijacking a Privileged Thread of Execution |
| CAPEC-35 | Leverage Executable Code in Nonexecutable Files |
CWE : Common Weakness Enumeration
| % | Id | Name |
|---|
CPE : Common Platform Enumeration
| Type | Description | Count |
|---|---|---|
| Application | 4 |
Open Source Vulnerability Database (OSVDB)
| Id | Description |
|---|---|
| 2975 | Microsoft IE Back Button XSS Microsoft Internet Explorer contains a flaw that allows a remote Cross Site Scripting attack. This flaw exists because the application does not validate the URL upon clicking the "Back" button. This could allow a user to send a specially crafted request that would execute arbitrary code on the server leading to a loss of integrity. |
Sources (Detail)
| Source | Url |
|---|---|
| BID | http://www.securityfocus.com/bid/4505 |
| BUGTRAQ | http://online.securityfocus.com/archive/1/267561 |
| XF | https://exchange.xforce.ibmcloud.com/vulnerabilities/8844 |
Alert History
| Date | Informations |
|---|---|
| 2021-07-27 00:24:37 |
|
| 2021-07-24 01:44:15 |
|
| 2021-07-24 01:01:27 |
|
| 2021-07-23 17:24:42 |
|
| 2021-05-04 12:01:50 |
|
| 2021-04-22 01:01:58 |
|
| 2020-05-23 00:15:11 |
|
| 2017-07-11 12:01:12 |
|
| 2013-05-11 12:14:02 |
|
