CVE-2000-0266
LowExploitation Probability (EPSS)
Very high risk97th percentile — higher than 97% of all known CVEs
Summary
Internet Explorer 5.01 allows remote attackers to bypass the cross frame security policy via a malicious applet that interacts with the Java JSObject to modify the DOM properties to set the IFRAME to an arbitrary Javascript URL.
Risk Assessment
Attackers can exploit this vulnerability to inject malicious JavaScript code, potentially leading to data theft or session hijacking.
Recommendation
It is recommended to update Internet Explorer to the latest version or use alternative browsers that are not vulnerable to this issue.
Original NVD description (English source)
Internet Explorer 5.01 allows remote attackers to bypass the cross frame security policy via a malicious applet that interacts with the Java JSObject to modify the DOM properties to set the IFRAME to an arbitrary Javascript URL.

