CVE-2009-4074Cross-site Scripting in Microsoft Internet Explorer

CWE-79Cross-site Scripting4 documents2 sources
Severity
4.3MEDIUMNVD
EPSS
19.7%
top 4.55%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Microsoft Internet Explorer
Timeline
PublishedNov 25
Latest updateMay 13

Description

The XSS Filter in Microsoft Internet Explorer 8 allows remote attackers to leverage the "response-changing mechanism" to conduct cross-site scripting (XSS) attacks against web sites that have no inherent XSS vulnerabilities, related to the details of output encoding and improper modification of an HTML attribute, aka "XSS Filter Script Handling Vulnerability."

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages1 packages

🔴Vulnerability Details

2
GHSA
GHSA-hv98-5pf4-2phq: The XSS Filter in Microsoft Internet Explorer 8 does not properly perform neutering for the SCRIPT tag, which allows remote attackers to conduct cross2022-05-13
GHSA
GHSA-h53p-9rvc-mjwc: The XSS Filter in Microsoft Internet Explorer 8 allows remote attackers to leverage the "response-changing mechanism" to conduct cross-site scripting2022-05-02
CVE-2009-4074 — Cross-site Scripting in Microsoft | cvebase