CVE-2009-4074: XSS
First published: Wed Nov 25 2009(Updated: )
The XSS Filter in Microsoft Internet Explorer 8 allows remote attackers to leverage the "response-changing mechanism" to conduct cross-site scripting (XSS) attacks against web sites that have no inherent XSS vulnerabilities, related to the details of output encoding and improper modification of an HTML attribute, aka "XSS Filter Script Handling Vulnerability."
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Microsoft Internet Explorer | =8 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.owasp.org/images/5/50/OWASP-Italy_Day_IV_Maone.pdf
- http://hackademix.net/2009/11/21/ies-xss-filter-creates-xss-vulnerabilities/
- http://www.theregister.co.uk/2009/11/20/internet_explorer_security_flaw/
- http://www.securityfocus.com/bid/37135
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7715
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-002
- collector/nvd-historical
- collector/nvd-index
- agent/severity
- agent/author
- agent/type
- agent/event
- agent/weakness
- agent/references
- agent/description
- agent/first-publish-date
- agent/softwarecombine
- agent/last-modified-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/microsoft
- canonical/microsoft internet explorer
- version/microsoft internet explorer/8