Lucene search
HistoryApr 20, 2010 - 4:30 p.m.
CVE-2010-1489
cve-2010-1489
xss filter
microsoft internet explorer 8
neutering
cross-site scripting
remote attackers
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
5.1 Medium
AI Score
Confidence
High
0.014 Low
EPSS
Percentile
86.4%
The XSS Filter in Microsoft Internet Explorer 8 does not properly perform neutering for the SCRIPT tag, which allows remote attackers to conduct cross-site scripting (XSS) attacks against web sites that have no inherent XSS vulnerabilities, a different issue than CVE-2009-4074.
Affected configurations
Node
microsoftinternet_explorerMatch8
| CPE | Name | Operator | Version |
|---|---|---|---|
| microsoft:internet_explorer | microsoft internet explorer | eq | 8 |
Related
cvelist
cvelist
CVE-2010-1489
2010-04-20 16:00:00
CVE-2009-4074
2009-11-25 18:00:00
nvd
nvd
CVE-2010-1489
2010-04-20 16:30:00
CVE-2009-4074
2009-11-25 18:30:00
prion
prion
Cross site scripting
2010-04-20 16:30:00
Cross site scripting
2009-11-25 18:30:00
openvas
openvas
Microsoft Internet Explorer 'neutering' Mechanism XSS Vulnerability
2010-04-23 00:00:00
Microsoft Internet Explorer 'neutering' Mechanism XSS Vulnerability
2010-04-23 00:00:00
Microsoft Internet Explorer 'XSS Filter' XSS Vulnerabilities (Nov 2009)
2009-11-30 00:00:00
cve
cve
CVE-2009-4074
2009-11-25 18:30:00
securityvulns
securityvulns
mskb
mskb
MS10-002: Cumulative security update for Internet Explorer
2014-06-23 07:27:25
nessus
nessus
MS10-002: Cumulative Security Update for Internet Explorer (978207)
2009-01-21 00:00:00
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
5.1 Medium
AI Score
Confidence
High
0.014 Low
EPSS
Percentile
86.4%
Related for CVE-2010-1489