Vulnerability Description
Maxthon 1.2.0 and 1.2.1 allows remote attackers to bypass the security ID and use restricted plugin API functions via script that includes the max.src file into the source page.
CVSS Score
7.5
HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Maxthon | Maxthon | 1.2 |
References
- http://secunia.com/advisories/14918PatchVendor Advisory
- http://www.osvdb.org/15424
- http://www.raffon.net/advisories/maxthon/multvulns.htmlExploitPatchVendor Advisory
- http://www.securityfocus.com/bid/13073Exploit
- http://secunia.com/advisories/14918PatchVendor Advisory
- http://www.osvdb.org/15424
- http://www.raffon.net/advisories/maxthon/multvulns.htmlExploitPatchVendor Advisory
- http://www.securityfocus.com/bid/13073Exploit
FAQ
What is CVE-2005-1091?
CVE-2005-1091 is a vulnerability with a CVSS score of 7.5 (HIGH). Maxthon 1.2.0 and 1.2.1 allows remote attackers to bypass the security ID and use restricted plugin API functions via script that includes the max.src file into the source page.
How severe is CVE-2005-1091?
CVE-2005-1091 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2005-1091?
Check the references section above for vendor advisories and patch information. Affected products include: Maxthon Maxthon.