Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2008-5551 — Cross-site Scripting in Microsoft Internet Explorer

CWE-79 — Cross-site Scripting3 documents3 sources

Severity

4.3MEDIUMNVD

EPSS

32.3%

top 3.15%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Microsoft Internet Explorer

Timeline

PublishedDec 12

Latest updateMay 14

Description

The XSS Filter in Microsoft Internet Explorer 8.0 Beta 2 allows remote attackers to bypass the XSS protection mechanism and conduct XSS attacks by injecting data at two different positions within an HTML document, related to STYLE elements and the CSS expression property, aka a "double injection."

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages1 packages

▶NVDmicrosoft/internet_explorer8

🔴Vulnerability Details

GHSA

GHSA-cxvw-3p7r-4cx6: The XSS Filter in Microsoft Internet Explorer 8↗2022-05-14

▶

💥Exploits & PoCs

Exploit-DB

Microsoft Internet Explorer 8 - CSS 'expression' Property Cross-Site Scripting Filter Bypass↗2008-12-11

▶