CVE-2011-1252 — Cross-site Scripting in Microsoft Internet Explorer

CWE-79 — Cross-site Scripting4 documents3 sources

Severity

6.1MEDIUMNVD

EPSS

13.4%

top 5.77%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Internet Explorer

Timeline

PublishedJun 16

Latest updateMay 13

Description

Cross-site scripting (XSS) vulnerability in the SafeHTML function in the toStaticHTML API in Microsoft Internet Explorer 7 and 8, Office SharePoint Server 2007 SP2, Office SharePoint Server 2010 Gold and SP1, Groove Server 2010 Gold and SP1, Windows SharePoint Services 3.0 SP2, and SharePoint Foundation 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via unspecified strings, aka "toStaticHTML Information Disclosure Vulnerability" or "HTML Sanitization Vulnerabili…

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages1 packages

▶NVDmicrosoft/internet_explorer7, 8+1

🔴Vulnerability Details

GHSA

GHSA-wfv6-vr6v-73h2: Cross-site scripting (XSS) vulnerability in the SafeHTML function in the toStaticHTML API in Microsoft Internet Explorer 7 and 8, Office SharePoint Se↗2022-05-13

▶

🕵️Threat Intelligence

Zscaler

Zscaler found Multiple Security Vulnerabilities | 06-14-2011↗

▶

Zscaler

Zscaler found Multiple Security Vulnerabilities | 09-13-2011↗

▶