CVE-2009-4074
published 2009-11-25CVE-2009-4074: The XSS Filter in Microsoft Internet Explorer 8 allows remote attackers to leverage the "response-changing mechanism" to conduct cross-site scripting (XSS)…
PriorityP418medium4.3CVSS 2.0
AVNACMAuNCNIPAN
EPSS
14.84%
96.3th percentile
The XSS Filter in Microsoft Internet Explorer 8 allows remote attackers to leverage the "response-changing mechanism" to conduct cross-site scripting (XSS) attacks against web sites that have no inherent XSS vulnerabilities, related to the details of output encoding and improper modification of an HTML attribute, aka "XSS Filter Script Handling Vulnerability."
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | internet_explorer | — | — |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-hv98-5pf4-2phq: The XSS Filter in Microsoft Internet Explorer 8 does not properly perform neutering for the SCRIPT tag, which allows remote attackers to conduct cross
ghsa_unreviewed·2022-05-13·CVSS 4.3
CVE-2010-1489 [MEDIUM] CWE-79 GHSA-hv98-5pf4-2phq: The XSS Filter in Microsoft Internet Explorer 8 does not properly perform neutering for the SCRIPT tag, which allows remote attackers to conduct cross
The XSS Filter in Microsoft Internet Explorer 8 does not properly perform neutering for the SCRIPT tag, which allows remote attackers to conduct cross-site scripting (XSS) attacks against web sites that have no inherent XSS vulnerabilities, a different issue than CVE-2009-4074.
GHSA
GHSA-h53p-9rvc-mjwc: The XSS Filter in Microsoft Internet Explorer 8 allows remote attackers to leverage the "response-changing mechanism" to conduct cross-site scripting
ghsa_unreviewed·2022-05-02
CVE-2009-4074 [MEDIUM] GHSA-h53p-9rvc-mjwc: The XSS Filter in Microsoft Internet Explorer 8 allows remote attackers to leverage the "response-changing mechanism" to conduct cross-site scripting
The XSS Filter in Microsoft Internet Explorer 8 allows remote attackers to leverage the "response-changing mechanism" to conduct cross-site scripting (XSS) attacks against web sites that have no inherent XSS vulnerabilities, related to the details of output encoding and improper modification of an HTML attribute, aka "XSS Filter Script Handling Vulnerability."
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://hackademix.net/2009/11/21/ies-xss-filter-creates-xss-vulnerabilities/http://www.owasp.org/images/5/50/OWASP-Italy_Day_IV_Maone.pdfhttp://www.securityfocus.com/bid/37135http://www.theregister.co.uk/2009/11/20/internet_explorer_security_flaw/https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-002https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7715http://hackademix.net/2009/11/21/ies-xss-filter-creates-xss-vulnerabilities/http://www.owasp.org/images/5/50/OWASP-Italy_Day_IV_Maone.pdfhttp://www.securityfocus.com/bid/37135http://www.theregister.co.uk/2009/11/20/internet_explorer_security_flaw/https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-002https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7715
2009-11-25
Published