Hotmail does not properly filter JavaScript code from a user's mailbox, which allows a remote attacker to execute code via the LOWSRC or DYNRC parameters in the IMG tag.
Max CVSS
7.5
EPSS Score
1.50%
Published
2000-01-04
Updated
2022-08-17
Hotmail does not properly filter JavaScript code from a user's mailbox, which allows a remote attacker to execute the code by using hexadecimal codes to specify the javascript: protocol, e.g. jAvascript.
Max CVSS
10.0
EPSS Score
1.17%
Published
2000-01-10
Updated
2022-08-17
Hotmail allows Javascript to be executed via the HTML STYLE tag, allowing remote attackers to execute commands on the user's Hotmail account.
Max CVSS
5.1
EPSS Score
26.99%
Published
1999-09-13
Updated
2008-09-09
3 vulnerabilities found