CVE Database · CVE-2002-0648
CVSS v3.1
N/A
EPSS
48.44%
Published
Sep 24, 2002
Modified
Apr 15, 2026
Public PoC / Exploit (2)
All weaponized →Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.
Description
The legacy <script> data-island capability for XML in Microsoft Internet Explorer 5.01, 5.5, and 6.0 allows remote attackers to read arbitrary XML files, and portions of other files, via a URL whose "src" attribute redirects to a local file.
Affected Products (7)
References (18)
