Lucene search

K
cvelistMicrosoftCVELIST:CVE-2012-1858
HistoryJun 12, 2012 - 10:00 p.m.

CVE-2012-1858

2012-06-1222:00:00
microsoft
www.cve.org
8

AI Score

5.2

Confidence

High

EPSS

0.948

Percentile

99.3%

The toStaticHTML API (aka the SafeHTML component) in Microsoft Internet Explorer 8 and 9, Communicator 2007 R2, and Lync 2010 and 2010 Attendee does not properly handle event attributes and script, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted HTML document, aka β€œHTML Sanitization Vulnerability.”