CVE-2012-0007
published 2012-01-10


Priority: P4 (30), medium
CVSS 2.0: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Exploit: EPSS 19.28% (97.0th percentile)
The Microsoft Anti-Cross Site Scripting (AntiXSS) Library 3.x and 4.0 does not properly evaluate characters after the detection of a Cascading Style Sheets (CSS) escaped character, which allows remote attackers to conduct cross-site scripting (XSS) attacks via HTML input, aka "AntiXSS Library Bypass Vulnerability."

Affected (2 ranges)

Vendor    | Product                            | Version range | Fixed in
microsoft | anti-cross_site_scripting_library  |               |
microsoft | anti-cross_site_scripting_library  |               |

Detection & IOCs (extracted from sources)

  • XSS bypass via CSS escaped character sequences in HTML input passed to AntiXSS Library sanitization functions; monitor for CSS escape sequences (e.g., backslash-hex encoding) in HTML submitted to applications using AntiXSS 3.x or 4.0
  • Monitor calls to Microsoft.Security.Application.Sanitizer.GetSafeHtml() and GetSafeHtmlFragment() with inputs containing CSS escape sequences, as these are the vulnerable sanitization entry points
  • Successful exploitation may result in theft of cookie-based authentication credentials; monitor for anomalous cookie exfiltration following XSS payloads in applications using AntiXSS Library
  • Vulnerability affects Microsoft Anti-Cross Site Scripting Library versions 3.x and 4.0 only; later versions are not listed as affected
  • The bypass is specific to the sanitization module's handling of CSS escaped characters; other sanitization paths may not be affected
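The monitoring bullets above suggest flagging CSS escape sequences (backslash plus hex digits) in HTML submitted to applications that run it through AntiXSS 3.x or 4.0. The following added example, not code from the page or from Microsoft, scans constructed sample submissions for CSS escapes and also decodes them according to the CSS escaping rules, so an analyst can see the characters the sanitizer should have evaluated. Sample request ids and HTML are constructed for illustration.

```python
import re
from dataclasses import dataclass

# CSS escape: backslash + 1-6 hex digits + one optional whitespace,
# or backslash + any single non-hex, non-newline character.
CSS_ESCAPE = re.compile(r"\\(?:([0-9a-fA-F]{1,6})[ \t\n\f\r]?|([^\n\r\f0-9a-fA-F]))")

@dataclass
class Finding:
    offset: int   # position of the backslash in the submitted HTML
    raw: str      # the escape sequence as submitted
    decoded: str  # the character it stands for

def decode_css_escape(match: re.Match) -> str:
    """Decode one escape the way a CSS tokenizer would."""
    hex_digits, literal = match.group(1), match.group(2)
    if hex_digits is not None:
        cp = int(hex_digits, 16)
        # CSS maps U+0000, surrogates and out-of-range values to U+FFFD
        if cp == 0 or 0xD800 <= cp <= 0xDFFF or cp > 0x10FFFF:
            return "\ufffd"
        return chr(cp)
    return literal

def find_css_escapes(html: str) -> list[Finding]:
    return [Finding(m.start(), m.group(0), decode_css_escape(m))
            for m in CSS_ESCAPE.finditer(html)]

def unescape_css(text: str) -> str:
    """Normalized form: what the text reads as after CSS escape processing."""
    return CSS_ESCAPE.sub(decode_css_escape, text)

def scan_submissions(submissions: list[tuple[str, str]]) -> list[dict]:
    """Return one alert per submission whose HTML contains CSS escapes."""
    alerts = []
    for sid, html in submissions:
        findings = find_css_escapes(html)
        if findings:
            alerts.append({"id": sid, "count": len(findings),
                           "normalized": unescape_css(html)})
    return alerts

# Constructed sample submissions (hypothetical request ids, not from the page)
SAMPLE = [
    ("req-1", '<p style="color:red">hello</p>'),       # plain, no escapes
    ("req-2", '<p style="\\63 olor:red">hi</p>'),      # "\63 " is a CSS escape for "c"
]

if __name__ == "__main__":
    for alert in scan_submissions(SAMPLE):
        print(alert)
```

Submissions with escapes are reported with a count and the normalized text; in production the normalized form is what should be compared against the sanitizer's policy, not the raw escaped input.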

CVSS provenance

Source        | Version | Score | Severity | Vector
nvd           | 2.0     | 4.3   | MEDIUM   | AV:N/AC:M/Au:N/C:N/I:P/A:N
vendor_redhat |         | 7.5   | HIGH     |