Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2008-2281

4 documents4 sources
Severity
9.3CRITICAL
EPSS
55.9%
top 1.90%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
2
Microsoft IEMicrosoft Internet Explorer
Timeline
PublishedMay 18
Latest updateMay 1

Description

Cross-zone scripting vulnerability in the Print Table of Links feature in Internet Explorer 6.0, 7.0, and 8.0b allows user-assisted remote attackers to inject arbitrary web script or HTML in the Local Machine Zone via an HTML document with a link containing JavaScript sequences, which are evaluated by a resource script when a user prints this document.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages2 packages

NVDmicrosoft/ie8.0b

🔴Vulnerability Details

2
GHSA
GHSA-3fcj-3m99-wmmp: Cross-zone scripting vulnerability in the Print Table of Links feature in Internet Explorer 62022-05-01
CVEList
CVE-2008-2281: Cross-zone scripting vulnerability in the Print Table of Links feature in Internet Explorer 62008-05-18

💥Exploits & PoCs

1
Exploit-DB
Microsoft Internet Explorer - Print Table of Links Cross-Zone Scripting2008-05-14
CVE-2008-2281 (CRITICAL CVSS 9.3) | Cross-zone scripting vulnerability | cvebase.io