CVE-2010-1489Cross-site Scripting in Microsoft Internet Explorer

CWE-79Cross-site Scripting2 documents2 sources
Severity
4.3MEDIUMNVD
EPSS
22.1%
top 4.20%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Microsoft Internet Explorer
Timeline
PublishedApr 20
Latest updateMay 13

Description

The XSS Filter in Microsoft Internet Explorer 8 does not properly perform neutering for the SCRIPT tag, which allows remote attackers to conduct cross-site scripting (XSS) attacks against web sites that have no inherent XSS vulnerabilities, a different issue than CVE-2009-4074.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages1 packages

🔴Vulnerability Details

1
GHSA
GHSA-hv98-5pf4-2phq: The XSS Filter in Microsoft Internet Explorer 8 does not properly perform neutering for the SCRIPT tag, which allows remote attackers to conduct cross2022-05-13
CVE-2010-1489 — Cross-site Scripting in Microsoft | cvebase