CVE-2004-1319

CVE Database · CVE-2004-1319

CVE-2004-1319

· N/AModified

CVSS v3.1

N/A

EPSS

26.92%

Published

Dec 15, 2004

Modified

Apr 15, 2026

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

The DHTML Edit Control (dhtmled.ocx) allows remote attackers to inject arbitrary web script into other domains by setting a name for a window, opening a child page whose target is the window with the given name, then injecting the script from the parent into the child using execScript, as demonstrated by "AbusiveParent" in Internet Explorer 6.0.2900.2180.

Affected Products (27)

nortel · ip_softphone_2050vulnerable

nortel · mobile_voice_client_2050vulnerable

nortel · optivity_telephony_managervulnerable

microsoft · windows_2000vulnerable

microsoft · windows_2003_servervulnerable

References (20)

http://archives.neohapsis.com/archives/bugtraq/2004-12/0167.html

ExploitVendor Advisory

http://freehost07.websamba.com/greyhats/abusiveparent-discussion.htm

http://secunia.com/advisories/13482/

PatchVendor Advisory

http://www.kb.cert.org/vuls/id/356600

PatchThird Party AdvisoryUS Government Resource

http://www.securityfocus.com/bid/11950

ExploitPatchVendor Advisory

http://www.us-cert.gov/cas/techalerts/TA05-039A.html

KEV Catalog EPSS Scores Vendors All CVEs