Lucene search
K

3 matches found

seebug.org
seebug.org
added 2010/10/14 12:0 a.m.45 views

Microsoft IE 8 toStaticHTML()函数不安全HTML过滤漏洞(MS10-071/MS10-072)

BUGTRAQ ID: 42467 CVECAN ID: CVE-2010-3324 Internet Explorer是Windows操作系统中默认捆绑的web浏览器。 IE8中对窗口对象提供了名为toStaticHTML的过滤方式。如果向这个函数传送了HTML字符串,在返回之前会删除所有可执行的脚本结构。例如,可使用toStaticHTML方式确保从postMessage调用所接收到的HTML无法执行脚本,但可利用基本格式: document.attachEvent'onmessage',functione if e.domain == 'weather.example.com'...

4.3CVSS6.3AI score0.25016EPSS
Exploits2
Check Point Advisories
Check Point Advisories
added 2010/10/12 12:0 a.m.28 views

Internet Explorer toStaticHTML API Cross-Site-Scripting (MS10-072; CVE-2010-3324)

Multiple memory corruption vulnerabilities have been reported in Microsoft Internet Explorer. An information disclosure vulnerability has been reported in the way that the toStaticHTML API sanitizes HTML. The vulnerability is due to the way that Internet Explorer handles content using specific...

4.3CVSS5.9AI score0.25016EPSS
Exploits2
CVE
CVE
added 2010/09/17 5:46 p.m.92 views

CVE-2010-3324

CVE-2010-3324 describes an IE8/SharePoint CSS @import-based XSS bypass. The connected MSKB MS10-035 documents a broader cumulative security update for Internet Explorer to address IE vulnerabilities (including remote code execution via crafted pages) and provides update guidance. However, the pro...

4.3CVSS7.4AI score0.25016EPSS
Exploits2References7Affected Software6
Rows per page
Query Builder