4.3
CVE-2009-4074
- EPSS 14.84%
- Veröffentlicht 25.11.2009 18:30:00
- Zuletzt bearbeitet 16.06.2026 23:12:58
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
The XSS Filter in Microsoft Internet Explorer 8 allows remote attackers to leverage the "response-changing mechanism" to conduct cross-site scripting (XSS) attacks against web sites that have no inherent XSS vulnerabilities, related to the details of output encoding and improper modification of an HTML attribute, aka "XSS Filter Script Handling Vulnerability."
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Microsoft ≫ Internet Explorer Version8
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 14.84% | 0.963 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 4.3 | 8.6 | 2.9 |
AV:N/AC:M/Au:N/C:N/I:P/A:N
|
http://hackademix.net/2009/11/21/ies-xss-filter-creates-xss-vulnerabilities/
http://www.owasp.org/images/5/50/OWASP-Italy_Day_IV_Maone.pdf
http://www.securityfocus.com/bid/37135
http://www.theregister.co.uk/2009/11/20/internet_explorer_security_flaw/
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-002
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7715