CVE-2008-5555Cross-site Scripting in Microsoft Internet Explorer

CWE-79Cross-site Scripting5 documents3 sources
Severity
4.3MEDIUMNVD
EPSS
15.5%
top 5.32%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Microsoft Internet Explorer
Timeline
PublishedDec 12
Latest updateMay 14

Description

Microsoft Internet Explorer 8.0 Beta 2 relies on the XDomainRequestAllowed HTTP header to authorize data exchange between domains, which allows remote attackers to bypass the product's XSS Filter protection mechanism, and conduct XSS and cross-domain attacks, by injecting this header after a CRLF sequence, related to "XDomainRequest Allowed Injection (XAI)." NOTE: the vendor has reportedly stated that the XSS Filter intentionally does not attempt to "address every conceivable XSS attack scenario

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages1 packages

🔴Vulnerability Details

1
GHSA
GHSA-vfp4-vxgp-j26v: Microsoft Internet Explorer 82022-05-14

💥Exploits & PoCs

3
Exploit-DB
HP Data Protector Manager 8.10 - Remote Command Execution2014-07-14
Exploit-DB
HP Data Protector - 'EXEC_BAR' Remote Command Execution2014-02-16
Exploit-DB
Solaris 9 (UltraSPARC) - 'sadmind' Remote Code Execution2008-10-19
CVE-2008-5555 — Cross-site Scripting in Microsoft | cvebase