CVSS: 7.5EPSS: 3%CPEs: 4EXPL: 2CVE-2001-1325 – Microsoft Internet Explorer 5.0/5.5 / OE 5.5 - XML Stylesheets Active Scripting
https://notcve.org/view.php?id=CVE-2001-1325
Internet Explorer 5.0 and 5.5, and Outlook Express 5.0 and 5.5, allow remote attackers to execute scripts when Active Scripting is disabled by including the scripts in XML stylesheets (XSL) that are referenced using an IFRAME tag, possibly due to a vulnerability in Windows Scripting Host (WSH). • https://www.exploit-db.com/exploits/20782 http://www.securityfocus.com/archive/1/3AE02004.57FDF958%40guninski.com http://www.securityfocus.com/bid/2633 https://exchange.xforce.ibmcloud.com/vulnerabilities/6448 •
CVSS: 2.6EPSS: 0%CPEs: 3EXPL: 0CVE-2001-0092
https://notcve.org/view.php?id=CVE-2001-0092
A function in Internet Explorer 5.0 through 5.5 does not properly verify the domain of a frame within a browser window, which allows a remote attacker to read client files, aka a new variant of the "Frame Domain Verification" vulnerability. • http://www.osvdb.org/7817 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-093 https://exchange.xforce.ibmcloud.com/vulnerabilities/6086 •
CVSS: 2.6EPSS: 0%CPEs: 4EXPL: 0CVE-2001-0091
https://notcve.org/view.php?id=CVE-2001-0091
The ActiveX control for invoking a scriptlet in Internet Explorer 5.0 through 5.5 renders arbitrary file types instead of HTML, which allows an attacker to read arbitrary files, aka a variant of the "Scriptlet Rendering" vulnerability. • http://www.osvdb.org/7820 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-093 https://exchange.xforce.ibmcloud.com/vulnerabilities/6085 •
CVSS: 2.6EPSS: 0%CPEs: 3EXPL: 1CVE-2001-0089 – Microsoft Internet Explorer 5 - 'INPUT TYPE=FILE' Remote File Upload
https://notcve.org/view.php?id=CVE-2001-0089
Internet Explorer 5.0 through 5.5 allows remote attackers to read arbitrary files from the client via the INPUT TYPE element in an HTML form, aka the "File Upload via Form" vulnerability. • https://www.exploit-db.com/exploits/20459 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-093 https://exchange.xforce.ibmcloud.com/vulnerabilities/5615 •
CVSS: 2.6EPSS: 0%CPEs: 4EXPL: 0CVE-2000-0767
https://notcve.org/view.php?id=CVE-2000-0767
The ActiveX control for invoking a scriptlet in Internet Explorer 4.x and 5.x renders arbitrary file types instead of HTML, which allows an attacker to read arbitrary files, aka the "Scriptlet Rendering" vulnerability. • http://www.securityfocus.com/bid/1564 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-055 •