← CVECheck
HomeVulnerabilities

CVE-2002-0648 — MEDIUM severity vulnerability (The legacy <script> data-island capability for XML in Micros)

The legacy <script> data-island capability for XML in Microsoft Internet Explorer 5.01, 5.5, and 6.0 allows remote attackers to read arbitrary XML files, and portions of other files, via a URL whose "src" attribute redirects to a local file.

CVE IDCVE-2002-0648
SeverityMEDIUM
CVSS score5.0
CVSS vectorAV:N/AC:L/Au:N/C:P/I:N/A:N
CWENVD-CWE-Other
StatusModified
Published2002-09-24
Last modified2026-04-16
DescriptionThe legacy <script> data-island capability for XML in Microsoft Internet Explorer 5.01, 5.5, and 6.0 allows remote attackers to read arbitrary XML files, and portions of other files, via a URL whose "src" attribute redirects to a local file.
SourceNIST National Vulnerability Database

🔍 Search all vulnerabilities →