CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2004-1160

Netscape 7.x to 7.2, and possibly other versions, allows remote attackers to spoof arbitrary web sites by injecting content from one window into a target window whose name is known but resides in a different domain, as demonstrated using a pop-up window on a trusted web site, aka the "window injection" vulnerability.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.01

EPSS Ranking 76.5%

CVSS Severity

CVSS v2 Score 7.5

References

http://secunia.com/advisories/13402/
http://secunia.com/multiple_browsers_window_injection_vulnerability_test/
http://secunia.com/secunia_research/2004-13/advisory/
http://www.securityfocus.com/bid/11852
http://secunia.com/advisories/13402/
http://secunia.com/multiple_browsers_window_injection_vulnerability_test/
http://secunia.com/secunia_research/2004-13/advisory/
http://www.securityfocus.com/bid/11852

Products affected by CVE-2004-1160

Netscape » Navigator » Version: 7.0

cpe:2.3:a:netscape:navigator:7.0
Netscape » Navigator » Version: 7.0.2

cpe:2.3:a:netscape:navigator:7.0.2
Netscape » Navigator » Version: 7.1

cpe:2.3:a:netscape:navigator:7.1
Netscape » Navigator » Version: 7.2

cpe:2.3:a:netscape:navigator:7.2

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2004-1160

Products

Pricing

Contact Us